oss-sec mailing list archives

Re: CVE id request: wordpress

From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 12 May 2008 15:37:31 -0400 (EDT)


======================================================
Name: CVE-2008-2146
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2146
Reference: CONFIRM:http://trac.wordpress.org/changeset/6029
Reference: 
CONFIRM:http://trac.wordpress.org/changeset?old_path=tags%2F2.2.2&old=6063&new_path=tags%2F2.2.3&new=6063#file10
Reference: CONFIRM:http://trac.wordpress.org/ticket/4748

wp-includes/vars.php in Wordpress before 2.2.3 does not properly
extract the current pafe from the PATH_INFO ($PHP_SELF), which allows
remote attackers to bypass intended access restrictions for certain
pages.


1

Current thread:

CVE id request: wordpress Nico Golde (Apr 29)
- Re: CVE id request: wordpress Nico Golde (May 08)
- Re: CVE id request: wordpress Steven M. Christey (May 12)