Vulnerabilities > CVE-2006-4208 - Directory Traversal vulnerability in Skippy.Net Wp-Db Backup Plugin for Wordpress 1.6/1.7
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB-Backup plugin for WordPress 1.7 and earlier allows remote authenticated users with administrative privileges to read arbitrary files via a .. (dot dot) in the backup parameter to edit.php. Apply patch
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | WP-DB Backup For Wordpress 1.6/1.7 Edit.PHP Directory Traversal Vulnerability. CVE-2006-4208. Webapps exploit for php platform |
| id | EDB-ID:28382 |
| last seen | 2016-02-03 |
| modified | 2006-08-14 |
| published | 2006-08-14 |
| reporter | marc & shb |
| source | https://www.exploit-db.com/download/28382/ |
| title | WP-DB Backup For WordPress 1.6/1.7 Edit.PHP - Directory Traversal Vulnerability |
References
- http://secunia.com/advisories/21486
- http://securityreason.com/securityalert/1401
- http://trac.wordpress.org/changeset/4095
- http://www.securityfocus.com/archive/1/443181/100/0/threaded
- http://www.securityfocus.com/bid/19504
- http://www.skippy.net/blog/category/wordpress/plugins/wp-db-backup/
- http://www.vupen.com/english/advisories/2006/3280
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28375