Secunia
Login
|
|
CVE Reference: CVE-2009-2854 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2009-2854 |
|
|
Description: Wordpress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php, (5) edit-link-category-form.php, (6) edit-tag-form.php, (7) export.php, (8) import.php, or (9) link-add.php in wp-admin/. |
|
|
CVE Status: Candidate |
|
|
References: MLIST http://www.openwall.com/lists/oss-security/2009/08/04/5 DEBIAN http://www.debian.org/security/2009/dsa-1871 CONFIRM http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release/ http://core.trac.wordpress.org/changeset/11766 http://core.trac.wordpress.org/changeset/11765 |
|
| Return to the previous page. |
