Description

wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages.

Remediation

References

CVE-2008-2146

Related Vulnerabilities

WordPress Plugin SupportEzzy Ticket System Cross-Site Scripting (1.2.5)

MySQL CVE-2016-0640 Vulnerability (CVE-2016-0640)

Oracle JRE CVE-2013-5797 Vulnerability (CVE-2013-5797)

Python Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2021-3177)

PmWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4662)

Severity

High

Classification

CVE-2008-2146 CWE-264

Tags

Missing Update Known Vulnerabilities