CVE-2009-2853 - Vulnerability Details

Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php, (7) edit-page-form.php, and (8) edit-tag-form.php in wp-admin/.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wordpress	Wordpress

Configuration 1 [-]

OR	cpe:2.3:a:wordpress:wordpress:0.71:::::::*
	cpe:2.3:a:wordpress:wordpress:0.71:beta::::::
	cpe:2.3:a:wordpress:wordpress:0.71:beta_3::::::
	cpe:2.3:a:wordpress:wordpress:0.72:::::::*
	cpe:2.3:a:wordpress:wordpress:0.72:beta_1::::::
	cpe:2.3:a:wordpress:wordpress:0.72:beta_2::::::
	cpe:2.3:a:wordpress:wordpress:0.72:rc1::::::
	cpe:2.3:a:wordpress:wordpress:0.711:::::::*
	cpe:2.3:a:wordpress:wordpress:1.0:::::::*
	cpe:2.3:a:wordpress:wordpress:1.0.1:miles::::::
	cpe:2.3:a:wordpress:wordpress:1.0.1:rc1::::::
	cpe:2.3:a:wordpress:wordpress:1.2:::::::*
	cpe:2.3:a:wordpress:wordpress:1.2:beta::::::
	cpe:2.3:a:wordpress:wordpress:1.2:rc1::::::
	cpe:2.3:a:wordpress:wordpress:1.2.1:::::::*
	cpe:2.3:a:wordpress:wordpress:1.2.2:::::::*
	cpe:2.3:a:wordpress:wordpress:1.5:::::::*
	cpe:2.3:a:wordpress:wordpress:1.5.1:::::::*
	cpe:2.3:a:wordpress:wordpress:1.5.1.3:::::::*
	cpe:2.3:a:wordpress:wordpress:1.5.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.3:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.4:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.5:ronan::::::
	cpe:2.3:a:wordpress:wordpress:2.0.6:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.7:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.9:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.10:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.11:::::::*
	cpe:2.3:a:wordpress:wordpress:2.1:ella::::::
	cpe:2.3:a:wordpress:wordpress:2.1.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.1.1:dangerous::::::
	cpe:2.3:a:wordpress:wordpress:2.1.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.1.3:::::::*
	cpe:2.3:a:wordpress:wordpress:2.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.2.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.2.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.2.3:::::::*
	cpe:2.3:a:wordpress:wordpress:2.3:::::::*
	cpe:2.3:a:wordpress:wordpress:2.3:beta3::::::
	cpe:2.3:a:wordpress:wordpress:2.3:rc1::::::
	cpe:2.3:a:wordpress:wordpress:2.3.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.3.1:rc1::::::
	cpe:2.3:a:wordpress:wordpress:2.3.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.5:::::::*
	cpe:2.3:a:wordpress:wordpress:2.5.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.6:::::::*
	cpe:2.3:a:wordpress:wordpress:2.6.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.6.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.6.3:::::::*
	cpe:2.3:a:wordpress:wordpress:2.7:coltrane::::::
	cpe:2.3:a:wordpress:wordpress:2.7.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.8:::::::*
	cpe:2.3:a:wordpress:wordpress:2.8.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.8.2:::::::*

No data.

References

Link	Providers
http://core.trac.wordpress.org/changeset/11768
http://core.trac.wordpress.org/changeset/11769
http://wordpress.org/development/2009/08/wordpress-2-8-3-security-release/
http://www.debian.org/security/2009/dsa-1871
http://www.openwall.com/lists/oss-security/2009/08/04/5

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-08-18T20:41:00

Updated: 2024-08-07T06:07:37.242Z

Reserved: 2009-08-18T00:00:00

Link: CVE-2009-2853

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-08-18T21:00:00.563

Modified: 2024-11-21T01:05:54.337

Link: CVE-2009-2853

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object