ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <= 2.2.2 - BYPASS

Product
WordPress
Description
The attackers can bypass intended access restrictions for certain pages, because wp-includes/vars.php does not properly extract the current path from the PATH_INFO.
Solution
Update WordPress.
Classification
Type BYPASS
References
CVE Mitre
CVE
Name CVE-2008-2146
Versions
Affected In <= 2.2.2
Fixed In 2.2.3
Disclosure date
2008-05-12