| Secunia Advisory: | SA28130 | |
| Release Date: | 2007-12-19 | |
| Critical: |  Less critical | |
| Impact: | Security Bypass Exposure of sensitive information | |
| Where: | From remote | |
| Solution Status: | Unpatched | |
| Software: | WordPress 2.x | |
| This advisory is currently marked as unpatched! - Companies can be alerted when a patch is released! | ||
Michael Brooks has discovered a vulnerability in WordPress, which can be exploited by malicious people to bypass certain security restrictions and to disclose sensitive information.
The application does not properly restrict access to posted drafts to users with valid administrator credentials. This can be exploited to read drafts by accessing the index.php script with data in the "PATH_INFO" URL part ending with "wp-admin/".
Examples:
http://[host]/[path]/index.php/wp-admin/
http://[host]/[path]/index.php/test-wp-admin/
The vulnerability is confirmed in version 2.3.1. Other versions may also be affected.
Solution:
Do not post sensitive information as drafts.
Provided and/or discovered by:
Michael Brooks
http://secunia.com/advisories/28130/
全站熱搜
留言列表
