CVE Vulnerabilities

CVE-2008-2146

Published: May 12, 2008 | Modified: Aug 08, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages.

Affected Software

Name Vendor Start Version End Version
Wordpress Wordpress 2.0.11 2.0.11
Wordpress Wordpress 2.0 2.0
Wordpress Wordpress 2.1.1 2.1.1
Wordpress Wordpress 2.1.3_rc2 2.1.3_rc2
Wordpress Wordpress 2.0.2 2.0.2
Wordpress Wordpress 2.1 2.1
Wordpress Wordpress 2.0.10_rc1 2.0.10_rc1
Wordpress Wordpress 1.5-strayhorn 1.5-strayhorn
Wordpress Wordpress 2.0.6 2.0.6
Wordpress Wordpress 2.0.1 2.0.1
Wordpress Wordpress 2.0.4 2.0.4
Wordpress Wordpress 1.3.1 1.3.1
Wordpress Wordpress 2.2_revision5003 2.2_revision5003
Wordpress Wordpress 0.711 0.711
Wordpress Wordpress 0.6.2.1 0.6.2.1
Wordpress Wordpress 1.4 1.4
Wordpress Wordpress 2.2 2.2
Wordpress Wordpress 1.2.1 1.2.1
Wordpress Wordpress 0.7 0.7
Wordpress Wordpress 2.1.3 2.1.3
Wordpress Wordpress 2.0.7 2.0.7
Wordpress Wordpress 2.2.0 2.2.0
Wordpress Wordpress 2.1.2 2.1.2
Wordpress Wordpress 0.71 0.71
Wordpress Wordpress 2.0.5 2.0.5
Wordpress Wordpress 0.6.2 0.6.2
Wordpress Wordpress 1.5.1.1 1.5.1.1
Wordpress Wordpress 2.0.9 2.0.9
Wordpress Wordpress 2.2.1 2.2.1
Wordpress Wordpress 1.5.2 1.5.2
Wordpress Wordpress 1.6 1.6
Wordpress Wordpress 1.0.1 1.0.1
Wordpress Wordpress 2.0.10_rc2 2.0.10_rc2
Wordpress Wordpress 1.0.2 1.0.2
Wordpress Wordpress 2.0.3 2.0.3
Wordpress Wordpress 1.5.1.2 1.5.1.2
Wordpress Wordpress 1.2 1.2
Wordpress Wordpress * 2.2.2
Wordpress Wordpress 2.1.3_rc1 2.1.3_rc1
Wordpress Wordpress 1.2.2 1.2.2
Wordpress Wordpress 2.0.10 2.0.10
Wordpress Wordpress 1.0 1.0
Wordpress Wordpress 1.5 1.5
Wordpress Wordpress 1.5.1 1.5.1
Wordpress Wordpress 1.5.1.3 1.5.1.3
Wordpress Wordpress 2.2_revision5002 2.2_revision5002
Wordpress Wordpress 2.0.8 2.0.8

References