ID CVE-2006-6808
Summary Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the get_file_description function in wp-admin/admin-functions.php. This vulnerability is addressed in the following product release: WordPress, WordPress, 2.0.6
References
Vulnerable Configurations
  • cpe:2.3:a:wordpress:wordpress:0.6.2:beta_2:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:0.6.2:beta_2:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:0.6.2.1:beta_2:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:0.6.2.1:beta_2:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:0.71:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:0.71:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.5.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.5.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.5.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.5.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:0.71:-:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:0.71:-:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:0.71:beta:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:0.71:beta:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:0.71:beta3:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:0.71:beta3:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:0.72:beta1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:0.72:beta1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:0.72:beta2:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:0.72:beta2:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:0.72:rc1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:0.72:rc1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:0.711:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:0.711:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.0:-:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.0.1:-:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.0.1:-:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.0.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.0.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.2:-:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.2:-:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.2:beta:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.2:beta:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.2:rc2:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.2:rc2:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.2.5:a:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.2.5:a:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.5.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.5.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0:-:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0:-:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.1:-:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.1:-:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.3:-:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.3:-:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.5:-:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.5:-:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.5:beta1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.5:beta1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.5:rc1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.5:rc1:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 29-07-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 21782
confirm http://trac.wordpress.org/changeset/4665
fulldisc 20061227 WordPress Persistent XSS
gentoo GLSA-200701-10
misc http://michaeldaw.org/
secunia
  • 23587
  • 23741
vupen ADV-2006-5191
xf wordpress-getfiledescription-xss(31133)
Last major update 29-07-2017 - 01:29
Published 28-12-2006 - 21:28
Last modified 29-07-2017 - 01:29
Back to Top