4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
WordPress MU prior to version 2.7 fails to sanitize the Host header correctly in choose_primary_blog function and can be hacked. Sites running in based virtual hosting setup are not affected while they are not the default virtual host.
Upgrade WordPress.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress mu | le | 2.7 |