ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <= 2.3.3 - Directory Traversal

Product
WordPress
Description
Because of this vulnerability, the attackers can include and possibly execute arbitrary PHP files via the "cat" parameter in index.php. NOTE: some of these details are obtained from third party information.
Solution
Update WordPress.
Classification
Type Directory Traversal
References
CVE Mitre
CVE
Name CVE-2008-4769
Versions
Affected In <= 2.3.3, 2.5
Fixed In 2.3.4
Disclosure date
2008-10-27
Credits
Sandor Attila Gerendi