CVE-2006-3389
WordPress 2.0.3 - Information Disclosure via Invalid Paged Parameter
Title source: llmDescription
index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has been disputed by a third party who states that the issue does not leak any target-specific information.
References (10)
Core 10
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/440127/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/1187
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20928
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21447
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/18779
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/439062/100/0/threaded
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200608-19.xml
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2661
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/438942/100/0/threaded
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/439031/100/0/threaded
Scores
EPSS
0.0120
EPSS Percentile
79.1%
Details
Status
published
Products (1)
wordpress/wordpress
2.0.3
Published
Jul 06, 2006
Tracked Since
Feb 18, 2026