CVE-2008-4769

critical

Description

Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/41920

http://www.juniper.fi/security/auto/vulnerabilities/vuln28845.html

http://www.debian.org/security/2009/dsa-1871

http://trac.wordpress.org/changeset/7586

http://secunia.com/advisories/29949

Details

Source: Mitre, NVD

Published: 2008-10-28

Updated: 2017-08-08

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical