Directory Traversal Vulnerability in DMSGuestbook Plugin for WordPress
CVE-2008-0615

Currently unrated

Key Information:

Vendor: Wordpress
Status: Dmsguestbook
Vendor: CVE Published:; 6 February 2008

Summary

The DMSGuestbook plugin for WordPress contains a directory traversal vulnerability in the wp-admin/admin.php file. This flaw allows remote authenticated users to exploit the plugin by manipulating folder and file parameters. By utilizing sequences like '..', attackers may gain unauthorized access to sensitive files on the server, which can lead to further security breaches. It is crucial for users of versions 1.8.0 and 1.7.0 to update their installations to mitigate the risks associated with this vulnerability.

References

http://secunia.com/advisories/28759

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/27575

vdb-entryx_refsource_BID

http://securityreason.com/securityalert/3615

third-party-advisoryx_refsource_SREASON

Timeline

Vulnerability published
Feb 6, 2008
Vulnerability Reserved
Feb 5, 2008