Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:11788
HistoryJul 10, 2009 - 12:00 a.m.

WordPress wp-admin/admin.php模块错误权限检查漏洞

2009-07-1000:00:00
Root
www.seebug.org
22

0.183 Low

EPSS

Percentile

95.7%

JSON

BUGTRAQ ID: 35584
CVE(CAN) ID: CVE-2009-2334

WordPress是一款免费的论坛Blog系统。

WordPress对使用page参数的插件配置PHP模块缺少权限检查,如果非特权用户在请求中用admin.php替换了options- general.php或plugins.php,就可以非授权查看插件配置页面的内容,或修改某些插件选项并注入JavaScript代码。

WordPress WordPress 2.8
WordPress WordPress MU 2.7.1
WordPress

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://wordpress.org/


                                                http://www.example.com/wp-admin/admin.php?page=/collapsing-archives/options.txt
http://www.example.com/wp-admin/admin.php?page=akismet/readme.txt
http://www.example.com/wp-admin/admin.php?page=related-ways-to-take-action/options.php
http://www.example.com/wp-admin/admin.php?page=wp-security-scan/securityscan.php

Related

openvas 23
fedora 7
cve 1
ubuntucve 1
debiancve 1
patchstack 1
prion 1
nessus 6
securityvulns 2
packetstorm 1
exploitpack 1
seebug 2
exploitdb 1
debian 2
osv 2
openvas
openvas
Fedora Core 11 FEDORA-2009-11260 (wordpress-mu)
2009-11-17 00:00:00
Fedora Core 11 FEDORA-2009-11260 (wordpress-mu)
2009-11-17 00:00:00
Fedora Update for wordpress-mu FEDORA-2009-12547
2010-03-02 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: wordpress-mu-2.8.5.2-1.fc11
2009-11-10 17:54:09
[SECURITY] Fedora 11 Update: wordpress-mu-2.8.6-1.fc11
2010-01-28 00:58:59
[SECURITY] Fedora 10 Update: wordpress-mu-2.8.5.2-1.fc10
2009-11-10 17:57:05
cve
cve
CVE-2009-2334
2009-07-10 21:00:00
ubuntucve
ubuntucve
CVE-2009-2334
2009-07-10 00:00:00
debiancve
debiancve
CVE-2009-2334
2009-07-10 21:00:00
patchstack
patchstack
WordPress - Privileges Unchecked in admin.php and Multiple Information
2009-07-10 00:00:00
prion
prion
Cross site scripting
2009-07-10 21:00:00
nessus
nessus
WordPress < 2.8.1 Multiple Vulnerabilities
2004-08-18 00:00:00
Fedora 10 : wordpress-2.8.1-1.fc10 (2009-7729)
2009-07-20 00:00:00
Fedora 11 : wordpress-mu-2.8.4a-1.fc11 (2009-8529)
2009-08-18 00:00:00
securityvulns
securityvulns
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2009-07-09 00:00:00
CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information
2009-07-09 00:00:00
packetstorm
packetstorm
Core Security Technologies Advisory 2009.0515
2009-07-08 00:00:00
exploitpack
exploitpack
WordPress Core MU Plugins - admin.php Privileges Unchecked Multiple Information Disclosures
2009-07-10 00:00:00
seebug
seebug
WordPress Privileges Unchecked in admin.php and Multiple Information Disclosures
2009-07-09 00:00:00
WordPress Privileges Unchecked in admin.php and Multiple Information
2009-07-10 00:00:00
exploitdb
exploitdb
WordPress Core / MU / Plugins - &#039;/admin.php&#039; Privileges Unchecked / Multiple Information Disclosures
2009-07-10 00:00:00
debian
debian
[SECURITY] [DSA 1871-2] New wordpress packages fix regression
2009-08-27 01:39:01
[SECURITY] [DSA 1871-1] New wordpress packages fix several vulnerabilities
2009-08-23 03:41:14
osv
osv
wordpress - regression fix
2009-08-23 00:00:00
wordpress - several vulnerabilities
2009-08-23 00:00:00

0.183 Low

EPSS

Percentile

95.7%

JSON
Related for SSV:11788
openvas23fedora7cve1ubuntucve1debiancve1patchstack1prion1nessus6securityvulns2packetstorm1exploitpack1seebug2exploitdb1debian2osv2