Vulnerability CVE-2008-4769 - CERT Civis.Net

Vulnerability Name:

CVE-2008-4769 (CCN-41920)

Assigned:

2008-04-02

Published:

2008-04-02

Updated:

2017-08-08

Summary:

Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php.
Note: some of these details are obtained from third party information.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2008-4769

Source: CCN
Type: SA29949
WordPress "cat" Directory Traversal Vulnerability

Source: SECUNIA
Type: Vendor Advisory
29949

Source: CCN
Type: WordPress Trac Changeset 7586
Sanitize "cat" query var and cast to int before looking for a category template

Source: MISC
Type: UNKNOWN
http://trac.wordpress.org/changeset/7586

Source: CCN
Type: WordPress Web site
WordPress

Source: DEBIAN
Type: UNKNOWN
DSA-1871

Source: DEBIAN
Type: DSA-1871
wordpress -- several vulnerabilities

Source: MISC
Type: UNKNOWN
http://www.juniper.fi/security/auto/vulnerabilities/vuln28845.html

Source: CCN
Type: OSVDB ID: 44591
WordPress wp-includes/theme.php get_category_template() Function cat Parameter Traversal Local File Inclusion

Source: BID
Type: Exploit
28845

Source: CCN
Type: BID-28845
WordPress 'cat' Parameter Directory Traversal Vulnerability

Source: XF
Type: UNKNOWN
wordpress-cat-file-include(41920)

Source: XF
Type: UNKNOWN
wordpress-cat-directory-traversal(41920)

Vulnerable Configuration:

Configuration 1:

cpe:/a:wordpress:wordpress:0.6.2:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:0.6.2:beta_2:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:0.6.2.1:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:0.6.2.1:beta_2:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:0.7:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:0.71:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:0.71-gold:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:0.72:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:0.72:beta1:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:0.72:beta2:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:0.72:rc1:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:0.711:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.0:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.0-platinum:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.0.1:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.0.1-miles:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.0.2-blakey:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.2:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.2:beta:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.2-delta:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.2-mingus:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.2.1:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.2.2:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.3.1:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.4:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.5:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.5-strayhorn:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.5.1:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.5.1.1:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.5.1.2:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.5.1.3:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.5.2:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.6:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.1:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.3:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.5:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.6:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.7:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.8:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.9:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.10:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.10_rc1:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.10_rc2:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.11:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.1:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.1:alpha_3:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.1.1:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.1.2:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.1.3:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.1.3_rc1:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.1.3_rc2:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.2:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.2.0:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.2.1:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.2.2:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.2.3:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.2_revision5002:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.2_revision5003:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.3:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.3.1:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.3.1:rc1:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.3.2:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:*:*:*:*:*:*:*:* (Version <= 2.3.3)

OR cpe:/a:wordpress:wordpress:2.5:-:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:wordpress:wordpress:2.0.1:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.3:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.5:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.6:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.1.1:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.1.2:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.1.3:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.2:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.2.1:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.3:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.11:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.3.2:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.3.3:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.3.1:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.2.3:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.2.2:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.10:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.7:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.1.3:rc2:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.1.3:rc1:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.1:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.10:rc2:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.10:rc1:*:*:*:*:*:*

AND

cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:8072	P	DSA-1871 wordpress -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:12947	P	DSA-1871-2 wordpress -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:13072	P	DSA-1871-1 wordpress -- several vulnerabilities	2014-06-23
oval:org.debian:def:1871	V	several vulnerabilities	2009-08-23