oss-sec mailing list archives
Re: CVE id request: wordpress
From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 12 May 2008 15:37:31 -0400 (EDT)
====================================================== Name: CVE-2008-2146 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2146 Reference: CONFIRM:http://trac.wordpress.org/changeset/6029 Reference: CONFIRM:http://trac.wordpress.org/changeset?old_path=tags%2F2.2.2&old=6063&new_path=tags%2F2.2.3&new=6063#file10 Reference: CONFIRM:http://trac.wordpress.org/ticket/4748 wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current pafe from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages. 1
Current thread:
- CVE id request: wordpress Nico Golde (Apr 29)
- Re: CVE id request: wordpress Nico Golde (May 08)
- Re: CVE id request: wordpress Steven M. Christey (May 12)