{
  "modified": "2025-08-09T19:01:28Z",
  "published": "2006-11-04T01:07:00Z",
  "id": "CVE-2006-5705",
  "details": "Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request.",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/22683"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/22942"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.027-wordpress.html"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.vupen.com/english/advisories/2006/4307"
    },
    {
      "type": "FIX",
      "url": "http://secunia.com/advisories/22683"
    },
    {
      "type": "FIX",
      "url": "http://wordpress.org/development/2006/10/205-ronan/"
    },
    {
      "type": "FIX",
      "url": "http://www.securityfocus.com/bid/20869"
    },
    {
      "type": "WEB",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=153303"
    },
    {
      "type": "WEB",
      "url": "http://markjaquith.wordpress.com/2006/10/17/changes-in-wordpress-205/"
    },
    {
      "type": "WEB",
      "url": "http://trac.wordpress.org/changeset/4226"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200611-10.xml"
    }
  ]
}