Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:12165
HistorySep 02, 2009 - 12:00 a.m.

WordPress wp-admin非授权管理访问漏洞

2009-09-0200:00:00
Root
www.seebug.org
58

0.014 Low

EPSS

Percentile

84.9%

JSON

BUGTRAQ ID: 35935
CVE(CAN) ID: CVE-2009-2853,CVE-2009-2854

WordPress是一款免费的论坛Blog系统。

Wordpress没有检查用户对某些操作的权限,远程攻击者可以通过直接请求wp-admin/中的edit-comments.php、edit- pages.php、edit.php、edit-category-form.php、edit-link-category-form.php、 edit-tag-form.php、export.php、import.php或link-add.php执行非授权编辑或添加操作,或通过直接请求 admin-footer.php、edit-category-form.php、edit-form-advanced.php、edit- form-comment.php、edit-link-category-form.php、edit-link-form.php、edit- page-form.php或edit-tag-form.php获得管理权限提升。

WordPress < 2.8.3
厂商补丁:

Debian

Debian已经为此发布了一个安全公告(DSA-1871-1)以及相应补丁:
DSA-1871-1:New wordpress packages fix several vulnerabilities
链接:http://www.debian.org/security/2009/dsa-1871

补丁下载:

Source archives:

http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch4.diff.gz
Size/MD5 checksum: 50984 45349b0822fc376b8cfef51b5cec3510
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10.orig.tar.gz
Size/MD5 checksum: 520314 e9d5373b3c6413791f864d56b473dd54
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch4.dsc
Size/MD5 checksum: 607 d9389cbc71eee6f08b15762a97c9d537

Architecture independent packages:

http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch4_all.deb
Size/MD5 checksum: 521060 71a6aea482d0e7afb9c82701bef336e9

Debian GNU/Linux 5.0 alias lenny

Debian (stable)

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5.1-11+lenny1.dsc
Size/MD5 checksum: 1051 46d9daad717f36918e2709757523f6eb
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5.1.orig.tar.gz
Size/MD5 checksum: 1181886 b1a40387006e54dcbd963d0cb5da0df4
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5.1-11+lenny1.diff.gz
Size/MD5 checksum: 702119 07658ad36bed8829f58b1b6223eac294

Architecture independent packages:

http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5.1-11+lenny1_all.deb
Size/MD5 checksum: 1029028 2d30e38e22761f87e23d2c85120bb1ff

补丁安装方法:

  1. 手工安装补丁包:

首先,使用下面的命令来下载补丁软件:

wget url (url是补丁下载链接地址)

然后,使用下面的命令来安装补丁:

dpkg -i file.deb (file是相应的补丁名)

  1. 使用apt-get自动安装补丁包:

    首先,使用下面的命令更新内部数据库:

    apt-get update

    然后,使用下面的命令安装更新软件包:

    apt-get upgrade

WordPress

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release/

Related

openvas 5
prion 2
ubuntucve 2
cve 2
patchstack 2
debiancve 2
dsquare 1
nessus 2
debian 2
osv 2
openvas
openvas
WordPress 'wp-admin' Multiple Vulnerabilities (Aug 2009)
2009-08-20 00:00:00
Debian Security Advisory DSA 1871-2 (wordpress)
2009-09-02 00:00:00
Debian Security Advisory DSA 1871-1 (wordpress)
2009-09-02 00:00:00
prion
prion
Design/Logic Flaw
2009-08-18 21:00:00
Design/Logic Flaw
2009-08-18 21:00:00
ubuntucve
ubuntucve
CVE-2009-2854
2009-08-18 00:00:00
CVE-2009-2853
2009-08-18 00:00:00
cve
cve
CVE-2009-2854
2009-08-18 21:00:00
CVE-2009-2853
2009-08-18 21:00:00
patchstack
patchstack
WordPress <= 2.8.2 - Multiple Vulnerabilities #1
2009-08-18 00:00:00
WordPress <= 2.8.2 - Multiple Vulnerabilities #2
2009-08-18 00:00:00
debiancve
debiancve
CVE-2009-2854
2009-08-18 21:00:00
CVE-2009-2853
2009-08-18 21:00:00
dsquare
dsquare
WordPress 2.8.3 RCE
2012-05-10 00:00:00
nessus
nessus
WordPress < 2.8.3 'wp-admin' Multiple Security Bypass Vulnerabilities
2018-01-26 00:00:00
Debian DSA-1871-1 : wordpress - several vulnerabilities
2010-02-24 00:00:00
debian
debian
[SECURITY] [DSA 1871-2] New wordpress packages fix regression
2009-08-27 01:39:01
[SECURITY] [DSA 1871-1] New wordpress packages fix several vulnerabilities
2009-08-23 03:41:14
osv
osv
wordpress - regression fix
2009-08-23 00:00:00
wordpress - several vulnerabilities
2009-08-23 00:00:00

0.014 Low

EPSS

Percentile

84.9%

JSON
Related for SSV:12165
openvas5prion2ubuntucve2cve2patchstack2debiancve2dsquare1nessus2debian2osv2