CVE-2006-4028

Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to "Anyone can register" functionality (user registration for guests).

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://bugs.gentoo.org/show_bug.cgi?id=142142
http://secunia.com/advisories/21309	Patch Vendor Advisory
http://secunia.com/advisories/21447	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200608-19.xml
http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users/
http://unknowngenius.com/blog/archives/2006/07/27/followup-on-wordpress/
http://wordpress.org/development/2006/07/wordpress-204/	Patch
http://www.osvdb.org/27633
http://www.securityfocus.com/bid/19247	Patch
http://www.vupen.com/english/advisories/2006/3071	Vendor Advisory
http://bugs.gentoo.org/show_bug.cgi?id=142142
http://secunia.com/advisories/21309	Patch Vendor Advisory
http://secunia.com/advisories/21447	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200608-19.xml
http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users/
http://unknowngenius.com/blog/archives/2006/07/27/followup-on-wordpress/
http://wordpress.org/development/2006/07/wordpress-204/	Patch
http://www.osvdb.org/27633
http://www.securityfocus.com/bid/19247	Patch
http://www.vupen.com/english/advisories/2006/3071	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:wordpress:wordpress:2.0:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.3:::::::*

History

21 Nov 2024, 00:14

Type	Values Removed	Values Added
References	~~() http://bugs.gentoo.org/show_bug.cgi?id=142142 -~~	() http://bugs.gentoo.org/show_bug.cgi?id=142142 -
References	~~() http://secunia.com/advisories/21309 - Patch, Vendor Advisory~~	() http://secunia.com/advisories/21309 - Patch, Vendor Advisory
References	~~() http://secunia.com/advisories/21447 - Vendor Advisory~~	() http://secunia.com/advisories/21447 - Vendor Advisory
References	~~() http://security.gentoo.org/glsa/glsa-200608-19.xml -~~	() http://security.gentoo.org/glsa/glsa-200608-19.xml -
References	~~() http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users/ -~~	() http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users/ -
References	~~() http://unknowngenius.com/blog/archives/2006/07/27/followup-on-wordpress/ -~~	() http://unknowngenius.com/blog/archives/2006/07/27/followup-on-wordpress/ -
References	~~() http://wordpress.org/development/2006/07/wordpress-204/ - Patch~~	() http://wordpress.org/development/2006/07/wordpress-204/ - Patch
References	~~() http://www.osvdb.org/27633 -~~	() http://www.osvdb.org/27633 -
References	~~() http://www.securityfocus.com/bid/19247 - Patch~~	() http://www.securityfocus.com/bid/19247 - Patch
References	~~() http://www.vupen.com/english/advisories/2006/3071 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2006/3071 - Vendor Advisory

Information

Published : 2006-08-09 20:04

Updated : 2024-11-21 00:14

NVD link : CVE-2006-4028

Mitre link : CVE-2006-4028

CVE.ORG link : CVE-2006-4028

JSON object : View

Products Affected

wordpress

wordpress

CWE

NVD-CWE-noinfo

10.0 /10