Vulnerabilities > CVE-2006-6808 - HTML Injection vulnerability in Wordpress
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the get_file_description function in wp-admin/admin-functions.php. This vulnerability is addressed in the following product release: WordPress, WordPress, 2.0.6
Vulnerable Configurations
Exploit-Db
| description | Wordpress 1.x/2.0.x Template.PHP HTML Injection Vulnerability. CVE-2006-6808. Webapps exploit for php platform |
| id | EDB-ID:29356 |
| last seen | 2016-02-03 |
| modified | 2006-12-27 |
| published | 2006-12-27 |
| reporter | David Kierznowski |
| source | https://www.exploit-db.com/download/29356/ |
| title | WordPress 1.x/2.0.x - Template.PHP HTML Injection Vulnerability |
Nessus
| NASL family | Gentoo Local Security Checks |
| NASL id | GENTOO_GLSA-200701-10.NASL |
| description | The remote host is affected by the vulnerability described in GLSA-200701-10 (WordPress: Multiple vulnerabilities) When decoding trackbacks with alternate character sets, WordPress does not correctly sanitize the entries before further modifying a SQL query. WordPress also displays different error messages in wp-login.php based upon whether or not a user exists. David Kierznowski has discovered that WordPress fails to properly sanitize recent file information in /wp-admin/templates.php before sending that information to a browser. Impact : An attacker could inject arbitrary SQL into WordPress database queries. An attacker could also determine if a WordPress user existed by trying to login as that user, better facilitating brute-force attacks. Lastly, an attacker authenticated to view the administrative section of a WordPress instance could try to edit a file with a malicious filename; this may cause arbitrary HTML or JavaScript to be executed in users |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 24208 |
| published | 2007-01-17 |
| reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/24208 |
| title | GLSA-200701-10 : WordPress: Multiple vulnerabilities |
References
- http://marc.info/?l=full-disclosure&m=116722128631087&w=2
- http://michaeldaw.org/
- http://secunia.com/advisories/23587
- http://secunia.com/advisories/23741
- http://security.gentoo.org/glsa/glsa-200701-10.xml
- http://trac.wordpress.org/changeset/4665
- http://www.securityfocus.com/bid/21782
- http://www.vupen.com/english/advisories/2006/5191
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31133