Unrated severityNVD Advisory· Published Nov 4, 2006· Updated Jun 16, 2026

CVE-2006-5705

Description

Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

WordPress/WordPress4 versions
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*range: <=2.0.4
- cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:2.0.3:*:*:*:*:*:*:*
- (no CPE)range: <2.0.5
Package: https://wordpress.org/plugins/wordpress

Patches

Vulnerability mechanics

References

secunia.com/advisories/22683nvdPatchVendor Advisory
wordpress.org/development/2006/10/205-ronan/nvdPatch
www.securityfocus.com/bid/20869nvdPatch
www.openpkg.org/security/advisories/OpenPKG-SA-2006.027-wordpress.htmlnvdVendor Advisory
bugs.gentoo.org/show_bug.cginvd
markjaquith.wordpress.com/2006/10/17/changes-in-wordpress-205/nvd
secunia.com/advisories/22942nvd
trac.wordpress.org/changeset/4226nvd
www.gentoo.org/security/en/glsa/glsa-200611-10.xmlnvd
www.vupen.com/english/advisories/2006/4307nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000