Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 18th, 2008

WordPress Parameter Directory Traversal Vulnerability

WordPress is prone to a ‘cat’ directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. This input validation error was originally reported by Sandor Attila Gerendi and exploiting the issue may allow an attacker to access sensitive information that could aid in further attacks.

An attacker can exploit this issue with a browser. The following example URL demonstrates the error:

WordPress 2.3.3 is vulnerable; other versions may also be affected. WordPress TRAC has committed fixes to the application’s repository, more information can be found in here. The fix sanitizes “cat” query var and cast to int before looking for a category template.

Share this item with others:

More on CyberInsecure:
  • WordPress Multiple SQL Injection Vulnerabilities
  • WordPress Cookie Integrity Protection Allows Unauthorized Access
  • WordPress 2.8.3 Remote Admin Password Reset Vulnerability
  • WordPress 2.6.2 Released Due To PHP Weakness That Might Lead To Attack
  • WordPress Doorway Spam Attacks

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: WordPress Parameter Directory Traversal Vulnerability

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.