Short Name | HTTP:PHP:WP-ADMIN-CONFIG-BYPASS
Severity | Medium
Recommended | No
Recommended Action | Drop
Category | HTTP
Keywords | WordPress 'wp-admin/admin.php' Module Configuration Security Bypass
Release Date | 2013/05/09
Update Number | 2262
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+
HTTP: WordPress 'wp-admin/admin.php' Module Configuration Security Bypass
This signature detects attempts to exploit a known vulnerability in WordPress. The vulnerability is due to insufficient validation of user-supplied input in the wp-admin/admin.php script. A successful attack can lead to unauthorized access within the context of the affected application.
Extended Description
WordPress is prone to a security-bypass vulnerability.
Authenticated attackers may exploit this issue to gain access to configuration scripts, which may allow them to obtain sensitive information or elevate privileges; other attacks may also be possible.
Versions prior to the following are vulnerable:
WordPress 2.8.1
WordPress MU 2.8.1
Affected Products
- Debian Linux 4.0
- Debian Linux 4.0 Alpha
- Debian Linux 4.0 Amd64
- Debian Linux 4.0 Arm
- Debian Linux 4.0 Armel
- Debian Linux 4.0 Hppa
- Debian Linux 4.0 Ia-32
- Debian Linux 4.0 Ia-64
- Debian Linux 4.0 M68k
- Debian Linux 4.0 Mips
- Debian Linux 4.0 Mipsel
- Debian Linux 4.0 Powerpc
- Debian Linux 4.0 S/390
- Debian Linux 4.0 Sparc
- Debian Linux 5.0
- Debian Linux 5.0 Alpha
- Debian Linux 5.0 Amd64
- Debian Linux 5.0 Arm
- Debian Linux 5.0 Armel
- Debian Linux 5.0 Hppa
- Debian Linux 5.0 Ia-32
- Debian Linux 5.0 Ia-64
- Debian Linux 5.0 M68k
- Debian Linux 5.0 Mips
- Debian Linux 5.0 Mipsel
- Debian Linux 5.0 Powerpc
- Debian Linux 5.0 S/390
- Debian Linux 5.0 Sparc
- Red Hat Fedora 10
- Red Hat Fedora 11
- WordPress 2.0.0
- WordPress 2.0.1
- WordPress 2.0.10
- WordPress 2.0.10-RC1
- WordPress 2.0.10-RC2
- WordPress 2.0.11
- WordPress 2.0.2
- WordPress 2.0.3
- WordPress 2.0.4
- WordPress 2.0.5
- WordPress 2.0.6
- WordPress 2.0.7
- WordPress 2.1
- WordPress 2.1.1
- WordPress 2.1.2
- WordPress 2.1.3
- WordPress 2.1.3-RC1
- WordPress 2.1.3-RC2
- WordPress 2.2
- WordPress 2.2.1
- WordPress 2.2.2
- WordPress 2.2.3
- WordPress 2.2 Revision 5002
- WordPress 2.2 Revision 5003
- WordPress 2.3
- WordPress 2.3.1
- WordPress 2.3.2
- WordPress 2.3.3
- WordPress 2.5
- WordPress 2.5.1
- WordPress 2.6
- WordPress 2.6.1
- WordPress 2.6.2
- WordPress 2.6.5
- WordPress 2.8
- WordPress WordPress MU 2.6
- WordPress WordPress MU 2.7
- WordPress WordPress MU 2.7.1