Description
wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter.
Remediation
References