CVE-2008-4769 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	9.3 UNKNOWN	NETWORK	MEDIUM	AV:N/AC:M/Au:N/C:C/I:C/A:C
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 91%

Vendor	Product	Version
wordpress	wordpress	𝑥 ≤ 2.3.3
wordpress	wordpress	0.6.2
wordpress	wordpress	0.6.2:beta_2
wordpress	wordpress	0.6.2.1
wordpress	wordpress	0.6.2.1:beta_2
wordpress	wordpress	0.7
wordpress	wordpress	0.71
wordpress	wordpress	0.71-gold
wordpress	wordpress	0.72
wordpress	wordpress	0.72:beta1
wordpress	wordpress	0.72:beta2
wordpress	wordpress	0.72:rc1
wordpress	wordpress	0.711
wordpress	wordpress	1.0
wordpress	wordpress	1.0-platinum
wordpress	wordpress	1.0.1
wordpress	wordpress	1.0.1-miles
wordpress	wordpress	1.0.2
wordpress	wordpress	1.0.2-blakey
wordpress	wordpress	1.2
wordpress	wordpress	1.2:beta
wordpress	wordpress	1.2-delta
wordpress	wordpress	1.2-mingus
wordpress	wordpress	1.2.1
wordpress	wordpress	1.2.2
wordpress	wordpress	1.3.1
wordpress	wordpress	1.4
wordpress	wordpress	1.5
wordpress	wordpress	1.5-strayhorn
wordpress	wordpress	1.5.1
wordpress	wordpress	1.5.1.1
wordpress	wordpress	1.5.1.2
wordpress	wordpress	1.5.1.3
wordpress	wordpress	1.5.2
wordpress	wordpress	1.6
wordpress	wordpress	2.0
wordpress	wordpress	2.0.1
wordpress	wordpress	2.0.2
wordpress	wordpress	2.0.3
wordpress	wordpress	2.0.4
wordpress	wordpress	2.0.5
wordpress	wordpress	2.0.6
wordpress	wordpress	2.0.7
wordpress	wordpress	2.0.8
wordpress	wordpress	2.0.9
wordpress	wordpress	2.0.10
wordpress	wordpress	2.0.10_rc1:_rc1
wordpress	wordpress	2.0.10_rc2:_rc2
wordpress	wordpress	2.0.11
wordpress	wordpress	2.1
wordpress	wordpress	2.1:alpha_3
wordpress	wordpress	2.1.1
wordpress	wordpress	2.1.2
wordpress	wordpress	2.1.3
wordpress	wordpress	2.1.3_rc1:_rc1
wordpress	wordpress	2.1.3_rc2:_rc2
wordpress	wordpress	2.2
wordpress	wordpress	2.2.0
wordpress	wordpress	2.2.1
wordpress	wordpress	2.2.2
wordpress	wordpress	2.2.3
wordpress	wordpress	2.2_revision5002:_revision5002
wordpress	wordpress	2.2_revision5003:_revision5003
wordpress	wordpress	2.3
wordpress	wordpress	2.3.1
wordpress	wordpress	2.3.1:rc1
wordpress	wordpress	2.3.2
wordpress	wordpress	2.5

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

wordpress

bullseye (security)	5.7.11+dfsg1-0+deb11u1 fixed
bullseye	5.7.11+dfsg1-0+deb11u1 fixed
bookworm	6.1.6+dfsg1-0+deb12u1 fixed
bookworm (security)	6.1.6+dfsg1-0+deb12u1 fixed
sid	6.6.1+dfsg1-1 fixed
trixie	6.6.1+dfsg1-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

wordpress

oneiric	not-affected
natty	not-affected
maverick	not-affected
lucid	not-affected
karmic	not-affected
jaunty	not-affected
intrepid	not-affected
hardy	ignored
gutsy	ignored
dapper	ignored

Known Exploits!

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

http://secunia.com/advisories/29949

http://trac.wordpress.org/changeset/7586

http://www.debian.org/security/2009/dsa-1871

http://www.juniper.fi/security/auto/vulnerabilities/vuln28845.html