Bug 205967 - www-apps/wordpress < 2.3.2 Multiple vulnerabilities (CVE-2008-{0191,0193,0195})
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High trivial
Assignee: Gentoo Security
URL: http://lists.grok.org.uk/pipermail/fu...
Whiteboard: ~4 [upstream]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-01-15 15:04 UTC by Robert Buchholz (RETIRED)
Modified: 2008-01-15 15:40 UTC
Description Robert Buchholz (RETIRED) gentoo-dev 2008-01-15 15:04:53 UTC
CVE-2008-0191 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0191):
  WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive
  information via an invalid p parameter in an rss2 action to the default URI,
  which reveals the full path and the SQL database structure.

CVE-2008-0193 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0193):
  Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress
  2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers
  to inject arbitrary web script or HTML via the backup parameter in a
  wp-db-backup.php action to wp-admin/edit.php.

CVE-2008-0195 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0195):
  WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive
  information via an empty value of the page parameter to certain PHP scripts
  under wp-admin/, which reveals the path in various error messages.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-01-15 15:11:06 UTC
I bugged upstream about the status of these vulnerabilities.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-01-15 15:40:42 UTC
Upstream replied:


> CVE-2008-0191

Cannot reproduce on 2.3.2 - db errors are hidden in 2.3.2.
Relevant trac tickets:
http://trac.wordpress.org/ticket/5471
http://trac.wordpress.org/ticket/5473

> CVE-2008-0193

Can't directly affect 2.3.2 - wp-db-backup is not included in the
WordPress 2.3.2 release.

> CVE-2008-0195

Can't reproduce on 2.3.2

_________

I did not test on a fresh 2.3.2 install -- confirmed their findings, so this is INVALID.