cbcvebase.
CVE-2006-4208
published 2006-08-17

CVE-2006-4208: Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB-Backup plugin for WordPress 1.7 and earlier allows remote authenticated users with…

PriorityP333medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
11.81%
95.6th percentile
Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB-Backup plugin for WordPress 1.7 and earlier allows remote authenticated users with administrative privileges to read arbitrary files via a .. (dot dot) in the backup parameter to edit.php.

Affected

7 ranges
VendorProductVersion rangeFixed in
debianwordpress< wordpress 2.0.5-0.1 (bookworm)wordpress 2.0.5-0.1 (bookworm)
skippy.netwp-db_backup_plugin_for_wordpress
skippy.netwp-db_backup_plugin_for_wordpress
wordpresswordpress>= 0 < 2.0.5-0.12.0.5-0.1
wordpresswordpress>= 0 < 2.0.5-0.12.0.5-0.1
wordpresswordpress>= 0 < 2.0.5-0.12.0.5-0.1
wordpresswordpress>= 0 < 2.0.5-0.12.0.5-0.1

CVSS provenance

nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv5.0MEDIUM
vendor_debian5.0LOW
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.