wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Wordpress | Wordpress | * | 3.3.2 (including) |
| Wordpress | Wordpress | 3.0 (including) | 3.0 (including) |
| Wordpress | Wordpress | 3.0.1 (including) | 3.0.1 (including) |
| Wordpress | Wordpress | 3.0.2 (including) | 3.0.2 (including) |
| Wordpress | Wordpress | 3.0.3 (including) | 3.0.3 (including) |
| Wordpress | Wordpress | 3.0.4 (including) | 3.0.4 (including) |
| Wordpress | Wordpress | 3.0.5 (including) | 3.0.5 (including) |
| Wordpress | Wordpress | 3.0.6 (including) | 3.0.6 (including) |
| Wordpress | Wordpress | 3.1 (including) | 3.1 (including) |
| Wordpress | Wordpress | 3.1.1 (including) | 3.1.1 (including) |
| Wordpress | Wordpress | 3.1.2 (including) | 3.1.2 (including) |
| Wordpress | Wordpress | 3.1.3 (including) | 3.1.3 (including) |
| Wordpress | Wordpress | 3.1.4 (including) | 3.1.4 (including) |
| Wordpress | Wordpress | 3.2 (including) | 3.2 (including) |
| Wordpress | Wordpress | 3.2-beta1 (including) | 3.2-beta1 (including) |
| Wordpress | Wordpress | 3.2.1 (including) | 3.2.1 (including) |
| Wordpress | Wordpress | 3.3 (including) | 3.3 (including) |
| Wordpress | Wordpress | 3.3.1 (including) | 3.3.1 (including) |
| Wordpress | Ubuntu | lucid | * |
| Wordpress | Ubuntu | precise | * |
| Wordpress | Ubuntu | upstream | * |