Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:60532
HistoryDec 24, 2012 - 12:00 a.m.

WordPress 'wp-login.php'安全绕过漏洞(CVE-2012-5868)

2012-12-2400:00:00
Root
www.seebug.org
15

0.002 Low

EPSS

Percentile

62.0%

JSON

Bugtraq ID:57019
CVE ID:CVE-2012-5868

WordPress是一款使用PHP语言开发的内容管理系统。

当通过注销链接(https://domainame.com/wp-login.php?action=logout)从WordPress 3.4.2(或其他版本)管理接口退出时,Wordpress会清除用户浏览器上的Cookie信息,但没有在Wordpress应用自身中使会话cookie失效。恶意用户如果能获取之前验证用户的会话cookie(wordpress_sec),添加到管理员接口访问的请求中(如https://domainname.com/wp-admin/profile.php),可拥有与之前用户相同的角色和权限来访问系统。
0
WordPress 3.4.2及可能其他版本
厂商解决方案

目前没有详细解决方案提供:
http://www.wordpress.org/

Related

wpvulndb 1
debiancve 1
patchstack 1
prion 1
ubuntucve 1
cve 1
openvas 1
wpvulndb
wpvulndb
WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout
2014-09-17 13:32:43
debiancve
debiancve
CVE-2012-5868
2012-12-27 11:47:00
patchstack
patchstack
WordPress <= 3.4.2
2012-11-14 00:00:00
prion
prion
Design/Logic Flaw
2012-12-27 11:47:00
ubuntucve
ubuntucve
CVE-2012-5868
2012-12-27 00:00:00
cve
cve
CVE-2012-5868
2012-12-27 11:47:00
openvas
openvas
WordPress <= 3.4.2 Multiple Vulnerabilities
2022-12-08 00:00:00

0.002 Low

EPSS

Percentile

62.0%

JSON
Related for SSV:60532
wpvulndb1debiancve1patchstack1prion1ubuntucve1cve1openvas1