Vulnerability Description
Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wordpress | Wordpress | <= 2.0.4 |
References
- http://bugs.gentoo.org/show_bug.cgi?id=153303
- http://markjaquith.wordpress.com/2006/10/17/changes-in-wordpress-205/
- http://secunia.com/advisories/22683PatchVendor Advisory
- http://secunia.com/advisories/22942
- http://trac.wordpress.org/changeset/4226
- http://wordpress.org/development/2006/10/205-ronan/Patch
- http://www.gentoo.org/security/en/glsa/glsa-200611-10.xml
- http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.027-wordpress.htmlVendor Advisory
- http://www.securityfocus.com/bid/20869Patch
- http://www.vupen.com/english/advisories/2006/4307
- http://bugs.gentoo.org/show_bug.cgi?id=153303
- http://markjaquith.wordpress.com/2006/10/17/changes-in-wordpress-205/
- http://secunia.com/advisories/22683PatchVendor Advisory
- http://secunia.com/advisories/22942
- http://trac.wordpress.org/changeset/4226
FAQ
What is CVE-2006-5705?
CVE-2006-5705 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequenc...
How severe is CVE-2006-5705?
CVE-2006-5705 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5705?
Check the references section above for vendor advisories and patch information. Affected products include: Wordpress Wordpress.