CVE-2006-4028 - Vulnerability Details - OpenCVE

Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to "Anyone can register" functionality (user registration for guests).

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wordpress	Wordpress

Configuration 1 [-]

OR	cpe:2.3:a:wordpress:wordpress:2.0:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.3:::::::*

No data.

References

Link	Providers
http://bugs.gentoo.org/show_bug.cgi?id=142142
http://secunia.com/advisories/21309
http://secunia.com/advisories/21447
http://security.gentoo.org/glsa/glsa-200608-19.xml
http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users/
http://unknowngenius.com/blog/archives/2006/07/27/followup-on-wordpress/
http://wordpress.org/development/2006/07/wordpress-204/
http://www.osvdb.org/27633
http://www.securityfocus.com/bid/19247
http://www.vupen.com/english/advisories/2006/3071

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-08-09T20:00:00

Updated: 2024-08-07T18:57:46.418Z

Reserved: 2006-08-09T00:00:00

Link: CVE-2006-4028

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-08-09T20:04:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-4028

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-07-29T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to \"Anyone can register\" functionality (user registration for guests)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2006-08-18T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-3071", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3071"}, {"name": "21447", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21447"}, {"name": "19247", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19247"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wordpress.org/development/2006/07/wordpress-204/"}, {"name": "21309", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21309"}, {"tags": ["x_refsource_MISC"], "url": "http://unknowngenius.com/blog/archives/2006/07/27/followup-on-wordpress/"}, {"name": "GLSA-200608-19", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200608-19.xml"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=142142"}, {"tags": ["x_refsource_MISC"], "url": "http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users/"}, {"name": "27633", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/27633"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4028", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to \"Anyone can register\" functionality (user registration for guests)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-3071", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3071"}, {"name": "21447", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21447"}, {"name": "19247", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19247"}, {"name": "http://wordpress.org/development/2006/07/wordpress-204/", "refsource": "CONFIRM", "url": "http://wordpress.org/development/2006/07/wordpress-204/"}, {"name": "21309", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21309"}, {"name": "http://unknowngenius.com/blog/archives/2006/07/27/followup-on-wordpress/", "refsource": "MISC", "url": "http://unknowngenius.com/blog/archives/2006/07/27/followup-on-wordpress/"}, {"name": "GLSA-200608-19", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200608-19.xml"}, {"name": "http://bugs.gentoo.org/show_bug.cgi?id=142142", "refsource": "MISC", "url": "http://bugs.gentoo.org/show_bug.cgi?id=142142"}, {"name": "http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users/", "refsource": "MISC", "url": "http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users/"}, {"name": "27633", "refsource": "OSVDB", "url": "http://www.osvdb.org/27633"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:57:46.418Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2006-3071", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/3071"}, {"name": "21447", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21447"}, {"name": "19247", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/19247"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wordpress.org/development/2006/07/wordpress-204/"}, {"name": "21309", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21309"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://unknowngenius.com/blog/archives/2006/07/27/followup-on-wordpress/"}, {"name": "GLSA-200608-19", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200608-19.xml"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=142142"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users/"}, {"name": "27633", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/27633"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4028", "datePublished": "2006-08-09T20:00:00", "dateReserved": "2006-08-09T00:00:00", "dateUpdated": "2024-08-07T18:57:46.418Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BDCFE9AA-39E9-4366-AAB7-F7A891BC797E", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BAF4671A-8449-438E-922B-94E5542137BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "92F05A1F-2227-4166-807B-1BDE2EA8F245", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73E23-7CD0-429C-986B-5F721F1696BC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to \"Anyone can register\" functionality (user registration for guests)."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en WordPress anteriores a 2.0.4 tienen impacto y vectores de ataque desconocidos. NOTA: debido a la falta de detalles, no est\u00e1 claro por qu\u00e9 estos problemas son diferentes de CVE-2006-3389 y CVE-2006-3390, aunque es probable que la versi\u00f3n 2.04 solucione un problema no especificado relacionado con la funcionalidad \"cualquiera puede registrarse\" (registro de usuario para invitados)."}], "id": "CVE-2006-4028", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-08-09T20:04:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=142142"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/21309"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21447"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200608-19.xml"}, {"source": "cve@mitre.org", "url": "http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users/"}, {"source": "cve@mitre.org", "url": "http://unknowngenius.com/blog/archives/2006/07/27/followup-on-wordpress/"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://wordpress.org/development/2006/07/wordpress-204/"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/27633"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/19247"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/3071"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=142142"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/21309"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21447"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200608-19.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://unknowngenius.com/blog/archives/2006/07/26/critical-announcement-to-all-wordpress-users/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://unknowngenius.com/blog/archives/2006/07/27/followup-on-wordpress/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://wordpress.org/development/2006/07/wordpress-204/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27633"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/19247"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/3071"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}