CVE-2006-6016Out-of-bounds Read in Wordpress

CWE-125Out-of-bounds Read5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.7%
top 26.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
WordpressDebian Wordpress
Timeline
PublishedNov 21
Latest updateMay 1

Description

wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

debiandebian/wordpress< wordpress 2.0.5-0.1 (bookworm)
Debianwordpress/wordpress< 2.0.5-0.1+3

Patches

Patch: www.gentoo.orgPatch: www.gentoo.org

🔴Vulnerability Details

2
GHSA
GHSA-p3fq-9wj3-h9c3: wp-admin/user-edit2022-05-01
OSV
CVE-2006-6016: wp-admin/user-edit2006-11-21

📋Vendor Advisories

1
Debian
CVE-2006-6016: wordpress - wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated use...2006

💬Community

1
Bugzilla
vulnerable for DoS and info. leak2006-12-27
CVE-2006-6016 — Out-of-bounds Read in Debian Wordpress | cvebase