Lucene search
MitreCVE-2008-4769HistoryOct 28, 2008 - 10:30 a.m.
CVE-2008-4769
2008-10-2810:30:01
CWE-22
mitre
web.nvd.nist.gov
62
wordpress
directory traversal
vulnerability
cve-2008-4769
nvd
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.2
Confidence
Low
EPSS
0.012
Percentile
85.5%
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information.
Affected configurations
Node
wordpresswordpressRange≤2.3.3
ORwordpresswordpressMatch0.6.2
ORwordpresswordpressMatch0.6.2beta_2
ORwordpresswordpressMatch0.6.2.1
ORwordpresswordpressMatch0.6.2.1beta_2
ORwordpresswordpressMatch0.7
ORwordpresswordpressMatch0.71
ORwordpresswordpressMatch0.71-gold
ORwordpresswordpressMatch0.72
ORwordpresswordpressMatch0.72beta1
ORwordpresswordpressMatch0.72beta2
ORwordpresswordpressMatch0.72rc1
ORwordpresswordpressMatch0.711
ORwordpresswordpressMatch1.0
ORwordpresswordpressMatch1.0-platinum
ORwordpresswordpressMatch1.0.1
ORwordpresswordpressMatch1.0.1-miles
ORwordpresswordpressMatch1.0.2
ORwordpresswordpressMatch1.0.2-blakey
ORwordpresswordpressMatch1.2
ORwordpresswordpressMatch1.2beta
ORwordpresswordpressMatch1.2-delta
ORwordpresswordpressMatch1.2-mingus
ORwordpresswordpressMatch1.2.1
ORwordpresswordpressMatch1.2.2
ORwordpresswordpressMatch1.3.1
ORwordpresswordpressMatch1.4
ORwordpresswordpressMatch1.5
ORwordpresswordpressMatch1.5-strayhorn
ORwordpresswordpressMatch1.5.1
ORwordpresswordpressMatch1.5.1.1
ORwordpresswordpressMatch1.5.1.2
ORwordpresswordpressMatch1.5.1.3
ORwordpresswordpressMatch1.5.2
ORwordpresswordpressMatch1.6
ORwordpresswordpressMatch2.0
ORwordpresswordpressMatch2.0.1
ORwordpresswordpressMatch2.0.2
ORwordpresswordpressMatch2.0.3
ORwordpresswordpressMatch2.0.4
ORwordpresswordpressMatch2.0.5
ORwordpresswordpressMatch2.0.6
ORwordpresswordpressMatch2.0.7
ORwordpresswordpressMatch2.0.8
ORwordpresswordpressMatch2.0.9
ORwordpresswordpressMatch2.0.10
ORwordpresswordpressMatch2.0.10_rc1
ORwordpresswordpressMatch2.0.10_rc2
ORwordpresswordpressMatch2.0.11
ORwordpresswordpressMatch2.1
ORwordpresswordpressMatch2.1alpha_3
ORwordpresswordpressMatch2.1.1
ORwordpresswordpressMatch2.1.2
ORwordpresswordpressMatch2.1.3
ORwordpresswordpressMatch2.1.3_rc1
ORwordpresswordpressMatch2.1.3_rc2
ORwordpresswordpressMatch2.2
ORwordpresswordpressMatch2.2.0
ORwordpresswordpressMatch2.2.1
ORwordpresswordpressMatch2.2.2
ORwordpresswordpressMatch2.2.3
ORwordpresswordpressMatch2.2_revision5002
ORwordpresswordpressMatch2.2_revision5003
ORwordpresswordpressMatch2.3
ORwordpresswordpressMatch2.3.1
ORwordpresswordpressMatch2.3.1rc1
ORwordpresswordpressMatch2.3.2
ORwordpresswordpressMatch2.5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wordpress | wordpress | * | cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* |
| wordpress | wordpress | 0.6.2 | cpe:2.3:a:wordpress:wordpress:0.6.2:*:*:*:*:*:*:* |
| wordpress | wordpress | 0.6.2 | cpe:2.3:a:wordpress:wordpress:0.6.2:beta_2:*:*:*:*:*:* |
| wordpress | wordpress | 0.6.2.1 | cpe:2.3:a:wordpress:wordpress:0.6.2.1:*:*:*:*:*:*:* |
| wordpress | wordpress | 0.6.2.1 | cpe:2.3:a:wordpress:wordpress:0.6.2.1:beta_2:*:*:*:*:*:* |
| wordpress | wordpress | 0.7 | cpe:2.3:a:wordpress:wordpress:0.7:*:*:*:*:*:*:* |
| wordpress | wordpress | 0.71 | cpe:2.3:a:wordpress:wordpress:0.71:*:*:*:*:*:*:* |
| wordpress | wordpress | 0.71-gold | cpe:2.3:a:wordpress:wordpress:0.71-gold:*:*:*:*:*:*:* |
| wordpress | wordpress | 0.72 | cpe:2.3:a:wordpress:wordpress:0.72:*:*:*:*:*:*:* |
| wordpress | wordpress | 0.72 | cpe:2.3:a:wordpress:wordpress:0.72:beta1:*:*:*:*:*:* |
Related
openvas
openvas
WordPress cat Parameter Directory Traversal Vulnerability
2008-11-05 00:00:00
Debian Security Advisory DSA 1871-2 (wordpress)
2009-09-02 00:00:00
Debian: Security Advisory (DSA-1871-1)
2009-09-02 00:00:00
nessus
nessus
WordPress index.php 'cat' Parameter Local File Inclusion
2008-04-29 00:00:00
Debian DSA-1871-1 : wordpress - several vulnerabilities
2010-02-24 00:00:00
cvelist
cvelist
CVE-2008-4769
2008-10-28 10:00:00
exploitdb
exploitdb
WordPress Core 2.3.3 - 'cat' Directory Traversal
2008-04-18 00:00:00
ubuntucve
ubuntucve
CVE-2008-4769
2008-10-28 00:00:00
debiancve
debiancve
CVE-2008-4769
2008-10-28 10:30:01
prion
prion
Directory traversal
2008-10-28 10:30:00
nvd
nvd
CVE-2008-4769
2008-10-28 10:30:01
patchstack
patchstack
WordPress <= 2.3.3 - Directory Traversal
2008-10-27 00:00:00
osv
osv
wordpress - regression fix
2009-08-23 00:00:00
wordpress - several vulnerabilities
2009-08-23 00:00:00
debian
debian
[SECURITY] [DSA 1871-2] New wordpress packages fix regression
2009-08-27 01:39:01
[SECURITY] [DSA 1871-1] New wordpress packages fix several vulnerabilities
2009-08-23 03:41:14
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.2
Confidence
Low
EPSS
0.012
Percentile
85.5%
Related for CVE-2008-4769