CVE-2005-4463Wordpress vulnerability

12 documents4 sources
Severity
5.0MEDIUMNVD
OSV5.3
EPSS
1.6%
top 18.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
WordpressDebian Wordpress
Timeline
PublishedDec 21
Latest updateMay 1

Description

WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, and (6) wp-admin/edit-form-comment.php, which leaks the path in an error message related to undefined functions or failed includes. NOTE: the wp-admin/menu-header.php vector is already covered by CVE-2005-2110. NOTE: the vars.php, edit-form.php, wp-set

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

debiandebian/wordpress< wordpress 2.0.2-1 (bookworm)+2
Debianwordpress/wordpress< 2.0.5-0.1+11
NVDwordpress/wordpress14 versions+13

🔴Vulnerability Details

6
GHSA
GHSA-9mm4-3grj-7cx7: WordPress before 12022-05-01
GHSA
GHSA-x3q2-3pwv-684v: WordPress 22022-05-01
GHSA
GHSA-6vgm-3w54-5w82: WordPress 22022-05-01
OSV
CVE-2006-4743: WordPress 22006-09-13
OSV
CVE-2006-0986: WordPress 22006-03-03

📋Vendor Advisories

3
Debian
CVE-2006-0986: wordpress - WordPress 2.0.1 and earlier allows remote attackers to obtain sensitive informat...2006
Debian
CVE-2006-4743: wordpress - WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive inform...2006
Debian
CVE-2005-4463: wordpress - WordPress before 1.5.2 allows remote attackers to obtain sensitive information v...2005
CVE-2005-4463 — Debian Wordpress vulnerability | cvebase