1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
Candidate: CVE-2009-2762
PublicDate: 2009-08-13
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2762
Description:
wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to
force a password reset for the first user in the database, possibly the
administrator, via a key[] array variable in a resetpass (aka rp) action,
which bypasses a check that assumes that $key is not an array.
Ubuntu-Description:
Notes:
ari-tczew> Exploit: http://www.securityfocus.com/bid/36014/exploit
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
Patches_wordpress:
upstream: http://core.trac.wordpress.org/changeset/11798
upstream_wordpress: released (2.8.4)
dapper_wordpress: ignored (reached end-of-life)
hardy_wordpress: ignored (reached end-of-life)
intrepid_wordpress: needed (reached end-of-life)
jaunty_wordpress: ignored (reached end-of-life)
karmic_wordpress: not-affected (2.8.4-1ubuntu1)
lucid_wordpress: not-affected (2.8.4-1ubuntu1)
maverick_wordpress: not-affected (2.8.4-1ubuntu1)
natty_wordpress: not-affected (2.8.4-1ubuntu1)
oneiric_wordpress: not-affected (2.8.4-1ubuntu1)
devel_wordpress: not-affected (2.8.4-1ubuntu1)
|