CVE-2005-1688 — Forced Browsing in Wordpress

CWE-425 — Forced Browsing9 documents5 sources

Severity

5.3MEDIUMNVD

NVD5.0

EPSS

0.6%

top 29.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedMay 20

Latest updateMay 1

Description

Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 2.0.2-1 (bookworm)+1

▶Debianwordpress/wordpress< 1.5.1-1+7

▶NVDwordpress/wordpress1.5+10

🔴Vulnerability Details

GHSA

GHSA-vc3p-78qc-h4m8: Wordpress 1↗2022-05-01

▶

GHSA

GHSA-6vgm-3w54-5w82: WordPress 2↗2022-05-01

▶

OSV

CVE-2006-0986: WordPress 2↗2006-03-03

▶

OSV

CVE-2005-1688: Wordpress 1↗2005-05-20

▶

📋Vendor Advisories

Debian

CVE-2006-0986: wordpress - WordPress 2.0.1 and earlier allows remote attackers to obtain sensitive informat...↗2006

▶

Debian

CVE-2005-1688: wordpress - Wordpress 1.5 and earlier allows remote attackers to obtain sensitive informatio...↗2005

▶

📐Framework References

CWE

Direct Request ('Forced Browsing')↗

▶