Описание
WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.
Ссылки
- Vendor Advisory
- ExploitPatch
- ExploitPatch
- PatchVendor Advisory
- Vendor Advisory
- ExploitPatch
- ExploitPatch
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.6 (включая)
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
EPSS
Процентиль: 75%
0.00882
Низкий
7.5 High
CVSS2
Дефекты
CWE-20
Связанные уязвимости
ubuntu
около 12 лет назад
WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.
debian
около 12 лет назад
WordPress before 3.6.1 does not properly validate URLs before use in a ...
github
больше 3 лет назад
WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.
EPSS
Процентиль: 75%
0.00882
Низкий
7.5 High
CVSS2
Дефекты
CWE-20