Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2431

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2009-2431
Last Modified 13 Jul 2009 12:00:00
Published 10 Jul 2009 05:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-2431

Summary

WordPress 2.7.1 places the username of a post's author in an HTML comment, which allows remote attackers to obtain sensitive information by reading the HTML source.

Vulnerable Systems

Application

  • Wordpress 2.7.1


References

VUPEN - ADV-2009-1833

OSVDB - 55716

XF - wordpress-username-information-disclosure(51733)

BUGTRAQ - 20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information

SECTRACK - 1022528

MISC - http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked


Last Updated: 27 May 2016 10:50:54