CVE-2006-4208
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
86.6%
Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB-Backup plugin for WordPress 1.7 and earlier allows remote authenticated users with administrative privileges to read arbitrary files via a … (dot dot) in the backup parameter to edit.php.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| skippy.net | wp-db_backup_plugin_for_wordpress | 1.6 | cpe:2.3:a:skippy.net:wp-db_backup_plugin_for_wordpress:1.6:*:*:*:*:*:*:* |
| skippy.net | wp-db_backup_plugin_for_wordpress | 1.7 | cpe:2.3:a:skippy.net:wp-db_backup_plugin_for_wordpress:1.7:*:*:*:*:*:*:* |
References
secunia.com/advisories/21486
securityreason.com/securityalert/1401
trac.wordpress.org/changeset/4095
www.securityfocus.com/archive/1/443181/100/0/threaded
www.securityfocus.com/bid/19504
www.skippy.net/blog/category/wordpress/plugins/wp-db-backup/
www.vupen.com/english/advisories/2006/3280
exchange.xforce.ibmcloud.com/vulnerabilities/28375
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
86.6%