Vulnerability Details CVE-2006-4208
Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB-Backup plugin for WordPress 1.7 and earlier allows remote authenticated users with administrative privileges to read arbitrary files via a .. (dot dot) in the backup parameter to edit.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.272
EPSS Ranking 96.2%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/21486
- http://securityreason.com/securityalert/1401
- http://trac.wordpress.org/changeset/4095
- http://www.securityfocus.com/archive/1/443181/100/0/threaded
- http://www.securityfocus.com/bid/19504
- http://www.skippy.net/blog/category/wordpress/plugins/wp-db-backup/
- http://www.vupen.com/english/advisories/2006/3280
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28375
- http://secunia.com/advisories/21486
- http://securityreason.com/securityalert/1401
- http://trac.wordpress.org/changeset/4095
- http://www.securityfocus.com/archive/1/443181/100/0/threaded
- http://www.securityfocus.com/bid/19504
- http://www.skippy.net/blog/category/wordpress/plugins/wp-db-backup/
- http://www.vupen.com/english/advisories/2006/3280
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28375
Products affected by CVE-2006-4208
-
cpe:2.3:a:skippy.net:wp-db_backup_plugin_for_wordpress:1.6
-
cpe:2.3:a:skippy.net:wp-db_backup_plugin_for_wordpress:1.7