Vulnerability Name: CVE-2008-0196 (CCN-39437)

Assigned: 2008-01-03
Published: 2008-01-03
Updated: 2018-10-15
Summary: Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \..\..\wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-22
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2008-0196

Source: FULLDISC
Type: Exploit
20080103 securityvulns.com russian vulnerabilities digest

Source: CCN
Type: BugTraq Mailing List, Thu, 3 Jan 2008 23:50:08 +0300
securityvulns.com russian vulnerabilities digest

Source: SREASON
Type: UNKNOWN
3539

Source: MISC
Type: UNKNOWN
http://securityvulns.ru/Sdocument762.html

Source: MISC
Type: UNKNOWN
http://securityvulns.ru/Sdocument768.html

Source: MISC
Type: UNKNOWN
http://securityvulns.ru/Sdocument772.html

Source: CCN
Type: Securityvulns Web site
Arbitrary file edit, Local file include, Directory traversal and Full path disclosure in WordPress

Source: MISC
Type: UNKNOWN
http://securityvulns.ru/Sdocument773.html

Source: MISC
Type: UNKNOWN
http://websecurity.com.ua/1679/

Source: MISC
Type: UNKNOWN
http://websecurity.com.ua/1683/

Source: MISC
Type: UNKNOWN
http://websecurity.com.ua/1686/

Source: MISC
Type: UNKNOWN
http://websecurity.com.ua/1687/

Source: CCN
Type: WordPress Web site
WordPress

Source: CCN
Type: OSVDB ID: 43560
WordPress /wp-admin/themes.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43561
WordPress /wp-admin/link-manager.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43562
WordPress /wp-admin/options-discussion.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43563
WordPress /wp-admin/user-edit.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43564
WordPress /wp-admin/admin.php Multiple Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43565
WordPress /wp-admin/edit-comments.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43566
WordPress /wp-admin/profile.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43567
WordPress /wp-admin/cat-js.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43568
WordPress /wp-admin/post.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43569
WordPress /wp-admin/moderation.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43570
WordPress /wp-admin/categories.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43571
WordPress /wp-admin/edit-pages.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43572
WordPress /wp-admin/templates.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43573
WordPress /wp-admin/theme-editor.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43574
WordPress /wp-admin/link-import.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43575
WordPress /wp-admin/link-categories.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43576
WordPress /wp-admin/index.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43577
WordPress /wp-admin/page-new.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43578
WordPress /wp-admin/options-writing.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43579
WordPress /wp-admin/profile-update.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43580
WordPress /wp-admin/options-general.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43581
WordPress /wp-admin/users.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43582
WordPress /wp-admin/plugin-editor.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43583
WordPress /wp-admin/import.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43584
WordPress /wp-admin/options-misc.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43585
WordPress /wp-admin/options-reading.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43586
WordPress /wp-admin/edit.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43587
WordPress /wp-admin/sidebar.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43588
WordPress /wp-admin/options.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43589
WordPress /wp-admin/inline-uploading.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43590
WordPress /wp-admin/bookmarklet.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43591
WordPress /wp-admin/admin.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43592
WordPress /wp-admin/options-permalink.php page Parameter Traversal Arbitrary File Access

Source: CCN
Type: OSVDB ID: 43593
WordPress /wp-admin/link-add.php page Parameter Traversal Arbitrary File Access

Source: BUGTRAQ
Type: UNKNOWN
20080103 securityvulns.com russian vulnerabilities digest

Source: XF
Type: UNKNOWN
wordpress-page-import-file-include(39437)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:wordpress:wordpress:*:*:*:*:*:*:*:* (Version <= 2.0.11)

Configuration CCN 1:
  • cpe:/a:wordpress:wordpress:2.0.11:-:*:*:*:*:*:*

* Denotes that component is vulnerable