CVE

Id
39769  
CVE No.
CVE-2009-2334  
Status
Candidate  
Description
wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service.  
Phase
Assigned (20090705)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
436779 39769 CVE-2009-2334 BUGTRAQ:20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information  View
436780 39769 CVE-2009-2334 URL:http://www.securityfocus.com/archive/1/archive/1/504795/100/0/threaded  View
436781 39769 CVE-2009-2334 MILW0RM:9110  View
436782 39769 CVE-2009-2334 URL:http://www.milw0rm.com/exploits/9110  View
436783 39769 CVE-2009-2334 MISC:http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked  View
436784 39769 CVE-2009-2334 CONFIRM:http://wordpress.org/development/2009/07/wordpress-2-8-1/  View
436785 39769 CVE-2009-2334 DEBIAN:DSA-1871  View
436786 39769 CVE-2009-2334 URL:http://www.debian.org/security/2009/dsa-1871  View
436787 39769 CVE-2009-2334 FEDORA:FEDORA-2009-7701  View
436788 39769 CVE-2009-2334 URL:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html  View
436789 39769 CVE-2009-2334 FEDORA:FEDORA-2009-7729  View
436790 39769 CVE-2009-2334 URL:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html  View
436791 39769 CVE-2009-2334 FEDORA:FEDORA-2009-8529  View
436792 39769 CVE-2009-2334 URL:https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html  View
436793 39769 CVE-2009-2334 FEDORA:FEDORA-2009-8538  View
436794 39769 CVE-2009-2334 URL:https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html  View
436795 39769 CVE-2009-2334 BID:35584  View
436796 39769 CVE-2009-2334 URL:http://www.securityfocus.com/bid/35584  View
436797 39769 CVE-2009-2334 OSVDB:55712  View
436798 39769 CVE-2009-2334 URL:http://www.osvdb.org/55712  View
436799 39769 CVE-2009-2334 OSVDB:55715  View
436800 39769 CVE-2009-2334 URL:http://www.osvdb.org/55715  View
436801 39769 CVE-2009-2334 SECTRACK:1022528  View
436802 39769 CVE-2009-2334 URL:http://securitytracker.com/id?1022528  View
436803 39769 CVE-2009-2334 VUPEN:ADV-2009-1833  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
42582 JVNDB-2009-003589 FreeWebshop.org の includes/startmodules.inc.php におけるディレクトリトラバーサルの脆弱性 FreeWebshop.org の includes/startmodules.inc.php には、register_globals が有効になっている際、ディレクトリトラバーサルの脆弱性が存在します。 CVE-2009-2338 39769 6.8 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-003589.html  View