9.3
CVE-2008-4769
- EPSS 8.97%
- Veröffentlicht 28.10.2008 10:30:01
- Zuletzt bearbeitet 16.06.2026 22:58:30
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
WordPress Core <= 2.3.3 - Directory Traversal
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information.
Mögliche Gegenmaßnahme
WordPress: Update to version 2.5.1, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Weitere Schwachstelleninformationen
SystemWordPress Core
≫
Produkt
WordPress
Version
*-2.3.3
Version
2.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.97% | 0.946 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
http://www.debian.org/security/2009/dsa-1871
http://secunia.com/advisories/29949
http://trac.wordpress.org/changeset/7586
http://www.juniper.fi/security/auto/vulnerabilities/vuln28845.html
http://www.securityfocus.com/bid/28845
https://exchange.xforce.ibmcloud.com/vulnerabilities/41920
https://www.wordfence.com/threat-intel/vulnerabilities/id/38b27ee7-0e92-47ad-89f8-1a3c8d5c9442