Description

Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2008-4769

Related Vulnerabilities

WordPress 6.3.x Multiple Vulnerabilities (6.3 - 6.3.1)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-24408)

Squid Other Vulnerability (CVE-2010-2951)

WordPress Plugin Total Security Multiple Vulnerabilities (3.4)

WordPress Plugin Post Recommendations for WordPress 'api.php' Remote File Include (1.1.2)

Severity

Critical

Classification

CVE-2008-4769 CWE-22

Tags

Missing Update Known Vulnerabilities