CVE Vulnerabilities

CVE-2014-9037

Published: Nov 25, 2014 | Modified: Jun 30, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.

Affected Software

Name Vendor Start Version End Version
Mageia Mageia_project 3 (including) 3 (including)
Mageia Mageia_project 4 (including) 4 (including)
Wordpress Ubuntu lucid *
Wordpress Ubuntu precise *
Wordpress Ubuntu trusty *
Wordpress Ubuntu upstream *
Wordpress Ubuntu utopic *

References