Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6767

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-6767
Last Modified 26 Aug 2009 01:20:27
Published 28 Apr 2009 12:30:03
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6767

Summary

wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to upgrade the application, and possibly cause a denial of service (application outage), via a direct request.

Vulnerable Systems

Application

  • Wordpress 2.6


References

XF - wordpress-upgrade-sec-bypass(50384)

DEBIAN - DSA-1871

BUGTRAQ - 20081222 [ISecAuditors Security Advisories] Wordpress is vulnerable to an unauthorized upgrade and XSS


Last Updated: 27 May 2016 10:49:20