Re: Sql Injection and Path Disclosoure Wordpress v2.0.5

["Paul Robertson" <compuwar@xxxxxxxxx>]

On 6 Sep 2006 17:26:18 -0000, vannovax@xxxxxxxxx <vannovax@xxxxxxxxx> wrote:
> Version Afected: v2.0.5 - v2.0.2
>
>
> For Version v2.0.2
>
>
> index.php?paged=-25633&header.php?=-id

Isn't this the exact same bug reported on Bugtraq in early July by
zero in 2.0.3?

> For Version v2.0.5
>
> index.php?paged=/archive/-1-5-2-Create%20Table

The Wordpress folks tell me there isn't a version 2.0.5, 2.0.4 is the
latest release and the subversion code isn't numbered that way.  Is it
possible the OP got the version string wrong?

Thanks,

Paul
--
fora.compuwar.net