Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2009 Greenbone Networks GmbHOPENVAS:1361412562310800662
HistoryJul 18, 2009 - 12:00 a.m.

WordPress / WordPress MU Multiple Vulnerabilities - July09

2009-07-1800:00:00
Copyright (C) 2009 Greenbone Networks GmbH
plugins.openvas.org
73

0.97 High

EPSS

Percentile

99.7%

JSON

The host is running WordPress / WordPress MU and is prone to multiple
vulnerabilities

###############################################################################
# OpenVAS Vulnerability Test
#
# WordPress / WordPress MU Multiple Vulnerabilities - July09
#
# Authors:
# Antu Sanadi <[email protected]>
#
# Copyright:
# Copyright (C) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.800662");
  script_version("2020-05-08T08:34:44+0000");
  script_tag(name:"last_modification", value:"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)");
  script_tag(name:"creation_date", value:"2009-07-18 09:37:41 +0200 (Sat, 18 Jul 2009)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_cve_id("CVE-2009-2432", "CVE-2009-2336", "CVE-2009-2335", "CVE-2009-2334");
  script_bugtraq_id(35581, 35584);
  script_name("WordPress / WordPress MU Multiple Vulnerabilities - July09");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
  script_family("Web application abuses");
  script_dependencies("secpod_wordpress_detect_900182.nasl");
  script_require_ports("Services/www", 80);
  script_mandatory_keys("wordpress/installed");

  script_xref(name:"URL", value:"http://www.vupen.com/english/advisories/2009/1833");
  script_xref(name:"URL", value:"http://securitytracker.com/alerts/2009/Jul/1022528.html");
  script_xref(name:"URL", value:"http://www.securityfocus.com/archive/1/archive/1/504795/100/0/threaded");

  script_tag(name:"impact", value:"Successful exploitation will allow attackers to view the content of plugins
  configuration pages, inject malicious scripting code, or gain knowledge of sensitive username information.");

  script_tag(name:"affected", value:"WordPress / WordPress MU version prior to 2.8.1.");

  script_tag(name:"insight", value:"- Error in 'wp-settings.php' which may disclose sensitive information via
  a direct request.

  - Error occur when user attempt for failed login or password request depending
  on whether the user account exists, and it can be exploited by enumerate valid usernames.

  - Error in wp-admin/admin.php is does not require administrative authentication
  to access the configuration of a plugin, which allows attackers to specify a
  configuration file in the page parameter via collapsing-archives/options.txt,
  related-ways-to-take-action/options.php, wp-security-scan/securityscan.php,
  akismet/readme.txt and wp-ids/ids-admin.php.");

  script_tag(name:"solution", value:"Update to Version 2.8.1 or later.");

  script_tag(name:"summary", value:"The host is running WordPress / WordPress MU and is prone to multiple
  vulnerabilities");

  script_tag(name:"qod_type", value:"remote_analysis");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");
include("host_details.inc");

cpe_list = make_list( "cpe:/a:wordpress:wordpress_mu", "cpe:/a:wordpress:wordpress" );

if( ! infos = get_app_port_from_list( cpe_list:cpe_list ) )
  exit( 0 );

cpe  = infos["cpe"];
port = infos["port"];

if( ! dir = get_app_location( cpe:cpe, port:port ) )
  exit( 0 );

if( dir == "/" )
  dir = "";

url = dir + "/wp-settings.php";

req = http_get( item:url, port:port );
res = http_keepalive_send_recv( port:port, data:req );
if( "ABSPATHwp-include" >< res && "include_path" >< res ) {
  report = http_report_vuln_url( port:port, url:url );
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );

Related

openvas 22
nessus 6
fedora 7
securityvulns 2
packetstorm 2
exploitpack 1
seebug 4
exploitdb 1
cve 4
patchstack 4
ubuntucve 4
debiancve 4
prion 4
debian 2
osv 2
openvas
openvas
Fedora Core 11 FEDORA-2009-7701 (wordpress)
2009-07-29 00:00:00
Fedora Core 10 FEDORA-2009-7729 (wordpress)
2009-07-29 00:00:00
Fedora Core 11 FEDORA-2009-7701 (wordpress)
2009-07-29 00:00:00
nessus
nessus
Fedora 11 : wordpress-2.8.1-1.fc11 (2009-7701)
2009-07-20 00:00:00
Fedora 10 : wordpress-mu-2.8.4a-1.fc10 (2009-8538)
2009-08-18 00:00:00
Fedora 10 : wordpress-2.8.1-1.fc10 (2009-7729)
2009-07-20 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: wordpress-2.8.1-1.fc10
2009-07-19 10:17:03
[SECURITY] Fedora 11 Update: wordpress-2.8.1-1.fc11
2009-07-19 10:07:19
[SECURITY] Fedora 11 Update: wordpress-mu-2.8.4a-1.fc11
2009-08-15 08:09:49
securityvulns
securityvulns
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2009-07-09 00:00:00
CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information
2009-07-09 00:00:00
packetstorm
packetstorm
Core Security Technologies Advisory 2009.0515
2009-07-08 00:00:00
WordPress Block-Spam-By-Math-Reloaded Plugin Bypass
2011-08-21 00:00:00
exploitpack
exploitpack
WordPress Core MU Plugins - admin.php Privileges Unchecked Multiple Information Disclosures
2009-07-10 00:00:00
seebug
seebug
WordPress Privileges Unchecked in admin.php and Multiple Information Disclosures
2009-07-09 00:00:00
WordPress Privileges Unchecked in admin.php and Multiple Information
2009-07-10 00:00:00
WordPressๅฃไปค้‡็ฝฎ็”จๆˆทๅๆžšไธพๆผๆดž
2009-07-10 00:00:00
exploitdb
exploitdb
WordPress Core / MU / Plugins - &#039;/admin.php&#039; Privileges Unchecked / Multiple Information Disclosures
2009-07-10 00:00:00
cve
cve
CVE-2009-2334
2009-07-10 21:00:00
CVE-2009-2335
2009-07-10 21:00:00
CVE-2009-2336
2009-07-10 21:00:00
patchstack
patchstack
WordPress <= 2.8.0 - Multiple Existing/Non-Existing Username Enumeration Weaknesses
2009-07-05 00:00:00
WordPress Block Spam By Math Reloaded Plugin - Bypass
2011-08-20 00:00:00
WordPress - Privileges Unchecked in admin.php and Multiple Information
2009-07-10 00:00:00
ubuntucve
ubuntucve
CVE-2009-2334
2009-07-10 00:00:00
CVE-2009-2335
2009-07-10 00:00:00
CVE-2009-2336
2009-07-10 00:00:00
debiancve
debiancve
CVE-2009-2334
2009-07-10 21:00:00
CVE-2009-2335
2009-07-10 21:00:00
CVE-2009-2432
2009-07-10 21:00:00
prion
prion
Design/Logic Flaw
2009-07-10 21:00:00
Cross site request forgery (csrf)
2009-07-10 21:00:00
Information disclosure
2009-07-10 21:00:00
debian
debian
[SECURITY] [DSA 1871-2] New wordpress packages fix regression
2009-08-27 01:39:01
[SECURITY] [DSA 1871-1] New wordpress packages fix several vulnerabilities
2009-08-23 03:41:14
osv
osv
wordpress - regression fix
2009-08-23 00:00:00
wordpress - several vulnerabilities
2009-08-23 00:00:00

0.97 High

EPSS

Percentile

99.7%

JSON
Related for OPENVAS:1361412562310800662
openvas22nessus6fedora7securityvulns2packetstorm2exploitpack1seebug4exploitdb1cve4patchstack4ubuntucve4debiancve4prion4debian2osv2