Aug 13, 2009 - 4:30 p.m.

CVE-2009-2762

2009-08-13 16:30:00
CWE-255
web.nvd.nist.gov
Tags: wordpress, password reset, vulnerability, wp-login.php, cve-2009-2762, nvd

AI Score: 6.6 Medium (Confidence: Low)

CVSS2: 7.5 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.927 High (Percentile: 99.0%)

wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass (aka rp) action, which bypasses a check that assumes that $key is not an array.

CPE | Name | Operator | Version
wordpress:wordpress | wordpress | le | 2.8.3
