CVE-2006-5705 — Path Traversal in Wordpress

CWE-22 — Path Traversal10 documents5 sources

Severity

7.5HIGHNVD

NVD6.0OSV6.0

EPSS

4.9%

top 10.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedNov 4

Latest updateMay 1

Description

Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 2.0.5-0.1 (bookworm)+1

▶Debianwordpress/wordpress< 2.0.5-0.1+7

▶NVDwordpress/wordpress2.0.3+3

Patches

Patch: secunia.com ↗Patch: wordpress.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-wjp2-fcqj-8w42: Directory traversal vulnerability in wp-db-backup↗2022-05-01

▶

GHSA

GHSA-fhp2-f8wf-wpqm: Multiple directory traversal vulnerabilities in plugins/wp-db-backup↗2022-05-01

▶

OSV

CVE-2008-0194: Directory traversal vulnerability in wp-db-backup↗2008-01-10

▶

OSV

CVE-2006-5705: Multiple directory traversal vulnerabilities in plugins/wp-db-backup↗2006-11-04

▶

📋Vendor Advisories

Debian

CVE-2008-0194: wordpress - Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and ear...↗2008

▶

Debian

CVE-2006-5705: wordpress - Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in Word...↗2006

▶

💬Community

Bugzilla

vulnerable for DoS and info. leak↗2006-12-27

▶

Bugzilla

CVE-2006-5705: wordpress < 2.0.5 directory traversal vulnerability↗2006-11-04

▶