Security Advisory

CVE-2008-2146

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2008-05-12 20:00:00

Last updated 2024-08-07 08:49:58

Assigner mitre

State PUBLISHED

Description

wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages.

← Browse all CVEs View on cve.org ↗