CVE

Id
40289  
CVE No.
CVE-2009-2854  
Status
Candidate  
Description
Wordpress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php, (5) edit-link-category-form.php, (6) edit-tag-form.php, (7) export.php, (8) import.php, or (9) link-add.php in wp-admin/.  
Phase
Assigned (20090818)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
442751 40289 CVE-2009-2854 MLIST:[oss-security] 20090804 CVE request: Wordpress  View
442752 40289 CVE-2009-2854 URL:http://www.openwall.com/lists/oss-security/2009/08/04/5  View
442753 40289 CVE-2009-2854 CONFIRM:http://core.trac.wordpress.org/changeset/11765  View
442754 40289 CVE-2009-2854 CONFIRM:http://core.trac.wordpress.org/changeset/11766  View
442755 40289 CVE-2009-2854 CONFIRM:http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release/  View
442756 40289 CVE-2009-2854 DEBIAN:DSA-1871  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
41042 JVNDB-2009-002049 IBM DB2 の Security コンポーネントにおけるサービス運用妨害 (DoS) の脆弱性 Unix プラットフォームで稼働している IBM DB2 の Security コンポーネントには、DB2 のメモリ構造内のプライベートメモリに関連する処理に不備があるため、サービス運用妨害 (DoS) となる脆弱性が存在します。 CVE-2009-2858 40289 5 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002049.html  View