WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2146)

Description

wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages.

Remediation

References

CVE-2008-2146

Related Vulnerabilities

WordPress Plugin WP Spell Check Cross-Site Request Forgery (7.1.9)

WordPress Plugin WP-Footnotes 'admin_panel.php' Multiple Remote Vulnerabilities (2.2)

MySQL CVE-2020-14893 Vulnerability (CVE-2020-14893)

WordPress Plugin YITH WooCommerce Social Login Security Bypass (1.3.4)

WordPress Plugin Duplicate Post SQL Injection (1.1.9)

Severity

High

Classification

CVE-2008-2146 CWE-264