WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress 'wp-admin/admin.php' Module Configuration Security Bypass Vulnerability (0.6.2 - 2.8)

Description

WordPress is prone to a security bypass vulnerability. Authenticated attackers may exploit this issue to gain access to configuration scripts, which may allow them to obtain sensitive information or elevate privileges; other attacks may also be possible. WordPress versions 2.8 and prior are vulnerable.

Remediation

Update to WordPress version 2.8.1 or latest

References

http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked

http://www.exploit-db.com/exploits/9110/

http://www.securiteam.com/securitynews/5QP0E0KRQM.html

Related Vulnerabilities

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-7137)

Envoy Proxy Uncontrolled Resource Consumption Vulnerability (CVE-2019-15226)

WordPress Plugin Portable phpMyAdmin Authentication Bypass (1.3.0)

TYPO3 Insufficient Session Expiration Vulnerability (CVE-2022-31050)

Joomla CVE-2018-17859 Vulnerability (CVE-2018-17859)

Severity

High

Classification

CVE-2009-2334 CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass