CVE-2008-0194

Name of the Vulnerable Software and Affected Versions WordPress versions 2.0.3 and earlier

Description A directory traversal issue allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service. This is achieved by including a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php.

Recommendations For WordPress versions 2.0.3 and earlier, update to a version later than 2.0.3 to resolve the issue. As a temporary workaround, consider restricting access to the wp-db-backup.php file and the wp-admin/edit.php endpoint to minimize the risk of exploitation. Avoid using the backup parameter in the affected endpoint until the issue is resolved.