Описание
wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | 3.0.5+dfsg-1ubuntu1 |
| hardy | ignored | end of life |
| karmic | ignored | end of life |
| lucid | ignored | end of life |
| maverick | ignored | end of life |
| natty | not-affected | 3.0.5+dfsg-1ubuntu1 |
| oneiric | not-affected | 3.0.5+dfsg-1ubuntu1 |
| precise | not-affected | 3.0.5+dfsg-1ubuntu1 |
| quantal | not-affected | 3.0.5+dfsg-1ubuntu1 |
Показывать по
Ссылки на источники
4 Medium
CVSS2
Связанные уязвимости
wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter.
wp-admin/async-upload.php in the media uploader in WordPress before 3. ...
wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter.
4 Medium
CVSS2