Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2006-4208

Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB-Backup plugin for WordPress 1.7 and earlier allows remote authenticated users with administrative privileges to read arbitrary files via a .. (dot dot) in the backup parameter to edit.php.

Related bugs and status

CVE-2006-4208 (Candidate) is related to these bugs:

Bug #89654: wordpress in Edgy/Dapper has an unsettlingly large number of unfixed CVEs

		In	Importance	Status
89654	wordpress in Edgy/Dapper has an unsettlingly large number of unfixed CVEs	wordpress (Ubuntu)	Undecided	Fix Released
89654	wordpress in Edgy/Dapper has an unsettlingly large number of unfixed CVEs	wordpress (Ubuntu Dapper)	Undecided	Won't Fix
89654	wordpress in Edgy/Dapper has an unsettlingly large number of unfixed CVEs	wordpress (Ubuntu Edgy)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://trac.wordpress....
CONFIRM: http://www.skippy.net/...
BID: 19504
SECUNIA: 21486
SREASON: 1401
VUPEN: ADV-2006-3280
XF: wpdbbackup-edit-direct...
BUGTRAQ: 20060814 Wordpress WP-...