CVE-2006-3389

high

Description

index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has been disputed by a third party who states that the issue does not leak any target-specific information.

References

http://www.vupen.com/english/advisories/2006/2661

http://www.securityfocus.com/bid/18779

http://www.securityfocus.com/archive/1/440127/100/0/threaded

http://www.securityfocus.com/archive/1/439062/100/0/threaded

http://www.securityfocus.com/archive/1/439031/100/0/threaded

http://www.securityfocus.com/archive/1/438942/100/0/threaded

http://securityreason.com/securityalert/1187

http://security.gentoo.org/glsa/glsa-200608-19.xml

http://secunia.com/advisories/21447

http://secunia.com/advisories/20928

Details

Source: Mitre, NVD

Published: 2006-07-06

Updated: 2018-10-18

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High