'Re: [oss-security] CVE id request: wordpress'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE id request: wordpress
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2008-05-12 19:37:31
Message-ID: Pine.GSO.4.51.0805121537211.12683 () faron ! mitre ! org
[Download RAW message or body]


======================================================
Name: CVE-2008-2146
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2146
Reference: CONFIRM:http://trac.wordpress.org/changeset/6029
Reference: CONFIRM:http://trac.wordpress.org/changeset?old_path=tags%2F2.2.2&old=6063&new_path=tags%2F2.2.3&new=6063#file10
                
Reference: CONFIRM:http://trac.wordpress.org/ticket/4748

wp-includes/vars.php in Wordpress before 2.2.3 does not properly
extract the current pafe from the PATH_INFO ($PHP_SELF), which allows
remote attackers to bypass intended access restrictions for certain
pages.


1


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic