WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2006-11-21T23:00:00Z
Updated: 2024-09-17T00:57:05.147Z
Reserved: 2006-11-21T00:00:00Z
Link: CVE-2006-6017
Vulnrichment
No data.
NVD
Status : Modified
Published: 2006-11-21T23:07:00.000
Modified: 2024-11-21T00:21:27.063
Link: CVE-2006-6017
Redhat
No data.