Summary
The host is installed with WordPress and is prone to Cross Site Request Forgery(CSRF) Vulnerabilities.
Impact
Successful attack could lead to execution of arbitrary script code and can cause denial of service condition.
Impact Level: Application
Solution
Upgrade to WordPress version 2.9.2 or later
For updates refer to http://wordpress.org/
NOTE: This issue relies on the presence of an independent vulnerability that allows cookie injection.
Insight
The flaw is due to incorrect usage of _REQUEST super global array, which leads to cross site request forgery (CSRF) attacks via crafted cookies.
Affected
WordPress 2.6.3 and earlier on all running platforms.
References
Severity
Classification
-
CVE CVE-2008-5113 -
CVSS Base Score: 4.0
AV:N/AC:H/Au:N/C:N/I:P/A:P
Related Vulnerabilities