7.8
CVE-2007-0262
- EPSS 2.43%
- Veröffentlicht 16.01.2007 23:28:00
- Zuletzt bearbeitet 16.06.2026 22:35:14
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
WordPress Core < 2.0.7 - Full Path Disclosure
WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid m[] parameter, as demonstrated by obtaining the path, and obtaining certain SQL information such as the table prefix.
Mögliche Gegenmaßnahme
WordPress: Update to version 2.0.7, or a newer patched version
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.43% | 0.821 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:C/I:N/A:N
|
http://osvdb.org/33458
http://www.securityfocus.com/archive/1/456731/100/0/threaded
https://www.wordfence.com/threat-intel/vulnerabilities/id/b1446daf-662d-479c-8fc5-80b27b04d6c4