WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2146)

Description

wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages.

Remediation

References

CVE-2008-2146

Related Vulnerabilities

Magento Improper Input Validation Vulnerability (CVE-2019-7899)

MediaWiki Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2021-31556)

Jetty Other Vulnerability (CVE-2020-27216)

WordPress Plugin WP Reactions Lite Cross-Site Scripting (1.3.5)

WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler PHP Object Injection (5.0.0)

Severity

High

Classification

CVE-2008-2146 CWE-264