5

CVE-2008-0195

Exploit

WordPress Core < 2.1 - Full Path Disclosure

WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages.
Mögliche Gegenmaßnahme
WordPress: Update to version 2.1, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WordpressWordpress Version <= 2.0.11
Weitere Schwachstelleninformationen
SystemWordPress Core
Produkt WordPress
Version *-2.0.11
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.31% 0.87
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html
Exploit
http://securityreason.com/securityalert/3539
http://www.securityfocus.com/archive/1/485786/100/0/threaded
http://securityvulns.ru/Sdocument762.html
http://securityvulns.ru/Sdocument768.html
http://securityvulns.ru/Sdocument772.html
http://securityvulns.ru/Sdocument773.html
http://websecurity.com.ua/1679/
http://websecurity.com.ua/1683/
http://websecurity.com.ua/1686/
http://websecurity.com.ua/1687/
https://www.wordfence.com/threat-intel/vulnerabilities/id/63fd62b2-455e-449b-b46a-78c5d2b86cde
Third Party Advisory