CVE-2006-3389 — Wordpress vulnerability

9 documents5 sources

Severity

10.0CRITICALNVD

NVD5.0OSV5.0

EPSS

1.2%

top 21.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedJul 6

Latest updateMay 1

Description

index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has been disputed by a third party who states that the issue does not leak any target-specific information.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 2.0.4-1 (bookworm)

▶Debianwordpress/wordpress< 2.0.4-1+3

▶NVDwordpress/wordpress4 versions+3

🔴Vulnerability Details

GHSA

GHSA-2m32-3qgh-qc3p: index↗2022-05-01

▶

GHSA

GHSA-5fp4-c42w-xqf3: Multiple unspecified vulnerabilities in WordPress before 2↗2022-05-01

▶

OSV

CVE-2006-4028: Multiple unspecified vulnerabilities in WordPress before 2↗2006-08-09

▶

OSV

CVE-2006-3389: index↗2006-07-06

▶

📋Vendor Advisories

Debian

CVE-2006-3389: wordpress - index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive informa...↗2006

▶

Debian

CVE-2006-4028: wordpress - Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impa...↗2006

▶