Description
Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1.
Remediation
References
Related Vulnerabilities
Drupal Incorrect Default Permissions Vulnerability (CVE-2020-13667)
WordPress Plugin GS Products Slider for WooCommerce Cross-Site Scripting (1.5.8)
Drupal Core 8.9.x Remote Code Execution (8.9.0 - 8.9.9)
WordPress Plugin JupiterX Core Security Bypass (2.0.6)
WordPress Improper Input Validation Vulnerability (CVE-2013-5738)