7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
0.004 Low
EPSS
Percentile
73.6%
WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that
the m parameter value has the string data type, which allows remote
attackers to obtain sensitive information via an invalid m[] parameter, as
demonstrated by obtaining the path, and obtaining certain SQL information
such as the table prefix.