Wordpress » Wordpress » 2.0.4 : Security Vulnerabilities, CVEs, Published In 2008 (Directory traversal)
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
0.85%
Published
2008-10-28
Updated
2017-08-08
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \..\..\wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php.
Max CVSS
5.0
EPSS Score
0.47%
Published
2008-01-10
Updated
2018-10-15
2 vulnerabilities found