Description

wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.

Remediation

References

CVE-2006-6016

Related Vulnerabilities

WordPress Plugin WP Flash Player Multiple Cross-Site Scripting Vulnerabilities (1.3)

Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2019-8159)

WordPress Plugin Export Post Info CSV Injection (1.2.0)

Oracle JRE CVE-2013-5838 Vulnerability (CVE-2013-5838)

phpMyAdmin Other Vulnerability (CVE-2005-1392)

Severity

Medium

Classification

CVE-2006-6016

Tags

Missing Update Known Vulnerabilities