Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0196: Path Traversal in WordPress

CWE-22 Path Traversal | 7 documents | 6 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 0.2% (top 52.10%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Jan 10 | Latest update May 1

Description

Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \..\..\wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (3 packages)

debian | debian/wordpress | < wordpress 2.3.3-1 (bookworm)
Debian | wordpress/wordpress | < 2.3.3-1+3

🔴 Vulnerability Details (2)

GHSA | GHSA-752f-j58r-mc8q: Multiple directory traversal vulnerabilities in WordPress 2 | 2022-05-01
OSV | CVE-2008-0196: Multiple directory traversal vulnerabilities in WordPress 2 | 2008-01-10

💥 Exploits & PoCs (1)

Exploit-DB | WordPress Core / MU / Plugins - '/admin.php' Privileges Unchecked / Multiple Information Disclosures | 2009-07-10

📋 Vendor Advisories (1)

Debian | CVE-2008-0196: wordpress - Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier all... | 2008

💬 Community (2)

Bugzilla | CVE-2008-6679 CVE-2009-0196 CVE-2009-0792 ghostscript various flaws [F9] | 2009-04-15
Bugzilla | CVE-2008-6679 CVE-2009-0196 CVE-2009-0792 ghostscript various flaws [F10] | 2009-04-15
CVE-2008-0196 — Path Traversal in Debian Wordpress | cvebase