CVE-2006-3390 — Wordpress vulnerability

10 documents5 sources

Severity

10.0CRITICALNVD

NVD5.0OSV5.0

EPSS

1.4%

top 19.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedJul 6

Latest updateMay 1

Description

WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the (1) wp-admin, (2) wp-content, and (3) wp-includes directories, possibly due to uninitialized variables.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 2.0.4-1 (bookworm)

▶Debianwordpress/wordpress< 2.0.4-1+3

▶NVDwordpress/wordpress4 versions+3

🔴Vulnerability Details

GHSA

GHSA-p47w-r74f-f3j5: WordPress 2↗2022-05-01

▶

GHSA

GHSA-5fp4-c42w-xqf3: Multiple unspecified vulnerabilities in WordPress before 2↗2022-05-01

▶

OSV

CVE-2006-4028: Multiple unspecified vulnerabilities in WordPress before 2↗2006-08-09

▶

OSV

CVE-2006-3390: WordPress 2↗2006-07-06

▶

📋Vendor Advisories

Debian

CVE-2006-4028: wordpress - Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impa...↗2006

▶

Debian

CVE-2006-3390: wordpress - WordPress 2.0.3 allows remote attackers to obtain the installation path via a di...↗2006

▶

💬Community

Bugzilla

CVE-2006-3390: Wordpress information disclosure↗2006-07-09

▶