I. Basic Information for Vulnerability CVE-2006-4743
Vulnerability title
N/A
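Source: AIGC Shenlong large model
Vulnerability description
WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for files such as (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12) header.php, (13) hello.php, (14) wp-content/themes/default/index.php, (15) links.php, (16) livejournal.php, (17) mt.php, (18) page.php, (19) rss.php, (20) searchform.php, (21) search.php, (22) sidebar.php, (23) single.php, (24) textpattern.php, (25) upgrade-functions.php, (26) upgrade-schema.php, or (27) wp-db-backup.php, which reveal the path in various error messages. NOTE: another researcher has disputed the details of this report, stating that version 2.0.5 does not exist. NOTE: the admin-footer.php, admin-functions.php, default-filters.php, edit-form-advanced.php, edit-link-form.php, edit-page-form.php, kses.php, locale.php, rss-functions.php, template-loader.php, and wp-db.php paths are already covered by CVE-2006-0986. The edit-form-comment.php, vars.php, and wp-settings.php paths are already covered by CVE-2005-4463. The menu-header.php path is already covered by CVE-2005-2110.
Source: AIGC Shenlong large model
CVSS information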
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: AIGC Shenlong large model
Vulnerability category
N/A
Source: AIGC Shenlong large model
Vulnerability title
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability description
WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12) header.php, (13) hello.php, (14) wp-content/themes/default/index.php, (15) links.php, (16) livejournal.php, (17) mt.php, (18) page.php, (19) rss.php, (20) searchform.php, (21) search.php, (22) sidebar.php, (23) single.php, (24) textpattern.php, (25) upgrade-functions.php, (26) upgrade-schema.php, or (27) wp-db-backup.php, which reveal the path in various error messages. NOTE: another researcher has disputed the details of this report, stating that version 2.0.5 does not exist. NOTE: the admin-footer.php, admin-functions.php, default-filters.php, edit-form-advanced.php, edit-link-form.php, edit-page-form.php, kses.php, locale.php, rss-functions.php, template-loader.php, and wp-db.php vectors are already covered by CVE-2006-0986. The edit-form-comment.php, vars.php, and wp-settings.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110.
Source: U.S. National Vulnerability Database (NVD)
CVSS information
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability category
N/A
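Source: U.S. National Vulnerability Database (NVD)
Vulnerability title
WordPress sensitive information disclosure vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability description
WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information by directly requesting the following files, which reveal the path in various error messages: (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.p
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS information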
N/A
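Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability category
Authorization issue
Source: China National Vulnerability Database of Information Security (CNNVD)
II. Public PoCs for Vulnerability CVE-2006-4743
# PoC description Source link Shenlong link
III. Intelligence Information for Vulnerability CVE-2006-4743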