CVE-2013-2203Wordpress vulnerability

CWE-2647 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.9%
top 24.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
WordpressDebian Wordpress
Timeline
PublishedJul 8
Latest updateMay 17

Description

WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an XMLHttpRequest error message.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

debiandebian/wordpress< wordpress 3.5.2+dfsg-1 (bookworm)
Debianwordpress/wordpress< 3.5.2+dfsg-1+3
NVDwordpress/wordpress3.5.1+74

🔴Vulnerability Details

2
GHSA
GHSA-p2ph-58w4-xr4f: WordPress before 32022-05-17
OSV
CVE-2013-2203: WordPress before 32013-07-08

📋Vendor Advisories

1
Debian
CVE-2013-2203: wordpress - WordPress before 3.5.2, when the uploads directory forbids write access, allows ...2013

💬Community

3
Bugzilla
CVE-2013-2199 CVE-2013-2200 CVE-2013-2201 CVE-2013-2202 CVE-2013-2203 CVE-2013-2204 CVE-2013-2205 wordpress: Multiple security flaws to be corrected within upstream 3.5.2 version [epel-all]2013-06-22
Bugzilla
CVE-2013-2199 CVE-2013-2200 CVE-2013-2201 CVE-2013-2202 CVE-2013-2203 CVE-2013-2204 CVE-2013-2205 wordpress: Multiple security flaws to be corrected within upstream 3.5.2 version [fedora-all]2013-06-22
Bugzilla
CVE-2013-2199 CVE-2013-2200 CVE-2013-2201 CVE-2013-2202 CVE-2013-2203 CVE-2013-2204 CVE-2013-2205 wordpress: Multiple security flaws to be corrected within upstream 3.5.2 version2013-06-21
CVE-2013-2203 — Debian Wordpress vulnerability | cvebase