cpe:/a:wordpress:wordpress:2.0.11 CVE-2008-0196 2008-01-09T19:46:00.000-05:00 2008-09-05T17:34:26.827-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2008-01-10T11:45:00.000-05:00 BUGTRAQ 20080103 securityvulns.com russian vulnerabilities digest SREASON 3539 MISC http://securityvulns.ru/Sdocument762.html MISC http://securityvulns.ru/Sdocument768.html MISC http://securityvulns.ru/Sdocument772.html MISC http://securityvulns.ru/Sdocument773.html MISC http://websecurity.com.ua/1679/ MISC http://websecurity.com.ua/1683/ MISC http://websecurity.com.ua/1686/ MISC http://websecurity.com.ua/1687/ Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \..\..\wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php.