Skip to content
Saturday, December 6, 2025
Medium Published: Jan 10, 2008 Modified: Apr 09, 2025

CVE-2008-0196

5 CVSS SCORE
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Share:

Description

Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \..\..\wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php.

CVSS Vector Details

Attack Vector Network
Attack Complexity Low
Confidentiality P
Integrity None
Availability None

Affected Software Configurations

  • a wordpress wordpress * * * * * * * *

Weaknesses (CWE)

  • CWE-22

References & External Links

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More
← Back to CVE Tracker