[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE id request: wordpress
From: "Steven M. Christey" <coley () linus ! mitre ! org>
Date: 2008-05-12 19:37:31
Message-ID: Pine.GSO.4.51.0805121537211.12683 () faron ! mitre ! org
[Download RAW message or body]
======================================================
Name: CVE-2008-2146
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2146
Reference: CONFIRM:http://trac.wordpress.org/changeset/6029
Reference: CONFIRM:http://trac.wordpress.org/changeset?old_path=tags%2F2.2.2&old=6063&new_path=tags%2F2.2.3&new=6063#file10
Reference: CONFIRM:http://trac.wordpress.org/ticket/4748
wp-includes/vars.php in Wordpress before 2.2.3 does not properly
extract the current pafe from the PATH_INFO ($PHP_SELF), which allows
remote attackers to bypass intended access restrictions for certain
pages.
1
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic