CVE-2006-3389

Severity

50%

Complexity

99%

Confidentiality

48%

index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has been disputed by a third party who states that the issue does not leak any target-specific information.

index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has been disputed by a third party who states that the issue does not leak any target-specific information.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).

Overview

First reported 18 years ago

2006-07-06 20:05:00

Last updated 6 years ago

2018-10-18 16:47:00

Affected Software

WordPress 2.0.3

2.0.3

References

20928

Vendor Advisory

21447

GLSA-200608-19

1187

20060702 WordPress 2.0.3 SQL Error and Full Path Disclosure

20060704 Re: WordPress 2.0.3 SQL Error and Full Path Disclosure

20060704 Re: WordPress 2.0.3 SQL Error and Full Path Disclosure

20060713 Re: WordPress 2.0.3 SQL Error and Full Path Disclosure

18779

ADV-2006-2661

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.