Description

wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value.

Remediation

References

CVE-2012-6634

Related Vulnerabilities

WordPress Plugin SMTP Mail Cross-Site Scripting (1.1.14)

MySQL CVE-2017-3459 Vulnerability (CVE-2017-3459)

Joomla! Core 1.5.x Directory Traversal (1.5.0 - 1.5.8)

WordPress Plugin Orbit Fox by ThemeIsle Multiple Vulnerabilities (2.10.2)

WordPress Plugin Broadcast Live Video-Live Streaming:HTML5, WebRTC, HLS, RTSP, RTMP PHP Object Injection (4.67.8)

Severity

Medium

Classification

CVE-2012-6634 CWE-264

Tags

Missing Update Known Vulnerabilities