Vulnerability Description
index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has been disputed by a third party who states that the issue does not leak any target-specific information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wordpress | Wordpress | 2.0.3 |
References
- http://secunia.com/advisories/20928Vendor Advisory
- http://secunia.com/advisories/21447
- http://security.gentoo.org/glsa/glsa-200608-19.xml
- http://securityreason.com/securityalert/1187
- http://www.securityfocus.com/archive/1/438942/100/0/threaded
- http://www.securityfocus.com/archive/1/439031/100/0/threaded
- http://www.securityfocus.com/archive/1/439062/100/0/threaded
- http://www.securityfocus.com/archive/1/440127/100/0/threaded
- http://www.securityfocus.com/bid/18779
- http://www.vupen.com/english/advisories/2006/2661
- http://secunia.com/advisories/20928Vendor Advisory
- http://secunia.com/advisories/21447
- http://security.gentoo.org/glsa/glsa-200608-19.xml
- http://securityreason.com/securityalert/1187
- http://www.securityfocus.com/archive/1/438942/100/0/threaded
FAQ
What is CVE-2006-3389?
CVE-2006-3389 is a vulnerability with a CVSS score of 5.0 (MEDIUM). index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message...
How severe is CVE-2006-3389?
CVE-2006-3389 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3389?
Check the references section above for vendor advisories and patch information. Affected products include: Wordpress Wordpress.