CVE-2008-0615

Currently unrated

Key Information:

Vendor: Wordpress
Status: Dmsguestbook
Vendor: CVE Published:; 6 February 2008

Summary

Directory traversal vulnerability in wp-admin/admin.php in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) folder and (2) file parameters.

References

http://secunia.com/advisories/28759

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/27575

vdb-entryx_refsource_BID

http://securityreason.com/securityalert/3615

third-party-advisoryx_refsource_SREASON

Timeline

Vulnerability published
Feb 6, 2008
Vulnerability Reserved
Feb 5, 2008