Description

vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR'].

Remediation

References

CVE-2006-2702

Related Vulnerabilities

WordPress Plugin WP Review Unspecified Vulnerability (5.2.1)

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-35155)

WordPress Plugin Advanced Text Widget 'page' Parameter Cross-Site Scripting (2.0.0)

WordPress Plugin MasterStudy LMS-for Online Courses and Education Local File Inclusion (3.3.3)

Joomla CVE-2019-7739 Vulnerability (CVE-2019-7739)

Severity

Medium

Classification

CVE-2006-2702

Tags

Missing Update Known Vulnerabilities