Описание
wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass (aka rp) action, which bypasses a check that assumes that $key is not an array.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | 2.8.4-1ubuntu1 |
| hardy | ignored | end of life |
| intrepid | ignored | end of life, was needed |
| jaunty | ignored | end of life |
| karmic | not-affected | 2.8.4-1ubuntu1 |
| lucid | not-affected | 2.8.4-1ubuntu1 |
| maverick | not-affected | 2.8.4-1ubuntu1 |
| natty | not-affected | 2.8.4-1ubuntu1 |
| oneiric | not-affected | 2.8.4-1ubuntu1 |
Показывать по
Ссылки на источники
EPSS
7.5 High
CVSS2
Связанные уязвимости
wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass (aka rp) action, which bypasses a check that assumes that $key is not an array.
wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to ...
wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass (aka rp) action, which bypasses a check that assumes that $key is not an array.
EPSS
7.5 High
CVSS2