CVE-2006-4208 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2006-4208

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB-Backup plugin for WordPress 1.7 and earlier allows remote authenticated users with administrative privileges to read arbitrary files via a .. (dot dot) in the backup parameter to edit.php.

Affected Software

Name	Vendor	Start Version	End Version
Wp-db_backup_plugin_for_wordpress	Skippy.net	1.6 (including)	1.6 (including)
Wp-db_backup_plugin_for_wordpress	Skippy.net	1.7 (including)	1.7 (including)
Wordpress	Ubuntu	dapper	*
Wordpress	Ubuntu	upstream	*

References

http://secunia.com/advisories/21486
http://securityreason.com/securityalert/1401
http://trac.wordpress.org/changeset/4095
http://www.securityfocus.com/archive/1/443181/100/0/threaded
http://www.securityfocus.com/bid/19504
http://www.skippy.net/blog/category/wordpress/plugins/wp-db-backup/
http://www.vupen.com/english/advisories/2006/3280
https://exchange.xforce.ibmcloud.com/vulnerabilities/28375