fkie_cve-2009-2334
Vulnerability from fkie_nvd
Published: 2009-07-10 21:00
Modified: 2025-04-09 00:30
Severity: 4.9 MEDIUM (CVSS 2.0, AV:N/AC:M/Au:S/C:P/I:P/A:N)
Summary
wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service.
References
cve@mitre.org: http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked (Exploit)
cve@mitre.org: http://securitytracker.com/id?1022528
cve@mitre.org: http://wordpress.org/development/2009/07/wordpress-2-8-1/ (Vendor Advisory)
cve@mitre.org: http://www.debian.org/security/2009/dsa-1871
cve@mitre.org: http://www.exploit-db.com/exploits/9110
cve@mitre.org: http://www.osvdb.org/55712 (Exploit, Patch)
cve@mitre.org: http://www.osvdb.org/55715 (Patch)
cve@mitre.org: http://www.securityfocus.com/archive/1/504795/100/0/threaded
cve@mitre.org: http://www.securityfocus.com/bid/35584 (Exploit, Patch)
cve@mitre.org: http://www.vupen.com/english/advisories/2009/1833 (Patch, Vendor Advisory)
cve@mitre.org: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html
cve@mitre.org: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html
cve@mitre.org: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html
cve@mitre.org: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html
af854a3a-2127-422b-91ae-364da2661108: http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked (Exploit)
af854a3a-2127-422b-91ae-364da2661108: http://securitytracker.com/id?1022528
af854a3a-2127-422b-91ae-364da2661108: http://wordpress.org/development/2009/07/wordpress-2-8-1/ (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: http://www.debian.org/security/2009/dsa-1871
af854a3a-2127-422b-91ae-364da2661108: http://www.exploit-db.com/exploits/9110
af854a3a-2127-422b-91ae-364da2661108: http://www.osvdb.org/55712 (Exploit, Patch)
af854a3a-2127-422b-91ae-364da2661108: http://www.osvdb.org/55715 (Patch)
af854a3a-2127-422b-91ae-364da2661108: http://www.securityfocus.com/archive/1/504795/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108: http://www.securityfocus.com/bid/35584 (Exploit, Patch)
af854a3a-2127-422b-91ae-364da2661108: http://www.vupen.com/english/advisories/2009/1833 (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html
af854a3a-2127-422b-91ae-364da2661108: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html
af854a3a-2127-422b-91ae-364da2661108: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html
af854a3a-2127-422b-91ae-364da2661108: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html
Impacted products
Vendor Product Version
wordpress wordpress * (up to and including 2.7.1)
wordpress wordpress 0.6.2
wordpress wordpress 0.6.2 (beta_2)
wordpress wordpress 0.6.2.1
wordpress wordpress 0.6.2.1 (beta_2)
wordpress wordpress 0.7
wordpress wordpress 0.71
wordpress wordpress 0.71-gold
wordpress wordpress 0.72
wordpress wordpress 0.72 (beta1)
wordpress wordpress 0.72 (beta2)
wordpress wordpress 0.72 (rc1)
wordpress wordpress 0.711
wordpress wordpress 1.0
wordpress wordpress 1.0 (rc1)
wordpress wordpress 1.0 (rc2)
wordpress wordpress 1.0 (rc3)
wordpress wordpress 1.0 (rc4)
wordpress wordpress 1.0-platinum
wordpress wordpress 1.0.1
wordpress wordpress 1.0.1-miles
wordpress wordpress 1.0.2
wordpress wordpress 1.0.2-blakey
wordpress wordpress 1.2
wordpress wordpress 1.2 (beta)
wordpress wordpress 1.2-delta
wordpress wordpress 1.2-mingus
wordpress wordpress 1.2.1
wordpress wordpress 1.2.2
wordpress wordpress 1.3.1
wordpress wordpress 1.4
wordpress wordpress 1.5
wordpress wordpress 1.5-strayhorn
wordpress wordpress 1.5.1
wordpress wordpress 1.5.1.1
wordpress wordpress 1.5.1.2
wordpress wordpress 1.5.1.3
wordpress wordpress 1.5.2
wordpress wordpress 1.6
wordpress wordpress 2.0
wordpress wordpress 2.0.1
wordpress wordpress 2.0.2
wordpress wordpress 2.0.3
wordpress wordpress 2.0.4
wordpress wordpress 2.0.5
wordpress wordpress 2.0.6
wordpress wordpress 2.0.7
wordpress wordpress 2.0.8
wordpress wordpress 2.0.9
wordpress wordpress 2.0.10
wordpress wordpress 2.0.10_rc1
wordpress wordpress 2.0.10_rc2
wordpress wordpress 2.0.11
wordpress wordpress 2.1
wordpress wordpress 2.1 (alpha_3)
wordpress wordpress 2.1.1
wordpress wordpress 2.1.2
wordpress wordpress 2.1.3
wordpress wordpress 2.1.3_rc1
wordpress wordpress 2.1.3_rc2
wordpress wordpress 2.2
wordpress wordpress 2.2.0
wordpress wordpress 2.2.1
wordpress wordpress 2.2.2
wordpress wordpress 2.2.3
wordpress wordpress 2.2_revision5002
wordpress wordpress 2.2_revision5003
wordpress wordpress 2.3
wordpress wordpress 2.3 (beta3)
wordpress wordpress 2.3 (rc1)
wordpress wordpress 2.3.1
wordpress wordpress 2.3.1 (rc1)
wordpress wordpress 2.3.2
wordpress wordpress 2.3.3
wordpress wordpress 2.5
wordpress wordpress 2.5.1
wordpress wordpress 2.6
wordpress wordpress 2.6.1
wordpress wordpress 2.6.3
wordpress wordpress 2.6.5
wordpress wordpress_mu * (up to and including 2.7)
wordpress wordpress_mu 1.1
wordpress wordpress_mu 1.1.1
wordpress wordpress_mu 1.2
wordpress wordpress_mu 1.2.1
wordpress wordpress_mu 1.2.2
wordpress wordpress_mu 1.2.3
wordpress wordpress_mu 1.2.4
wordpress wordpress_mu 1.2.4 (rc1)
wordpress wordpress_mu 1.2.5a
wordpress wordpress_mu 1.3
wordpress wordpress_mu 1.3.1
wordpress wordpress_mu 1.3.2
wordpress wordpress_mu 1.3.3
wordpress wordpress_mu 1.5 (rc1)
wordpress wordpress_mu 1.5.1
wordpress wordpress_mu 2.6
wordpress wordpress_mu 2.6.1
wordpress wordpress_mu 2.6.2
wordpress wordpress_mu 2.6.3
wordpress wordpress_mu 2.6.5



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68895399-32D7-43DE-945B-B9BD29DA5B13",
              "versionEndIncluding": "2.7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FEB898B-BF80-44C1-A847-AC0062458B58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:0.6.2:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "C3C33D37-2FFF-4DE5-B260-E090F4E6377B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:0.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E70EF48-AD6C-4119-B7C4-67E889A2BB27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:0.6.2.1:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "3E4139FE-7C43-44AC-856F-226E1194D936",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0395AD1D-3470-49EE-9F2A-349EF8782B40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:0.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C8B90E9-5DF5-45F5-9810-2973FDAA16A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:0.71-gold:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC499ABC-D1A6-4A9B-A06B-12C8275462DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:0.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F33ACD9-B4B6-4B5E-9CD5-26AA5997119C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:0.72:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "056E641C-9322-4BEE-97B4-FE16DE8D7336",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:0.72:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "ADB42CEF-E12D-4DB0-8536-FD393D3697A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:0.72:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C4AF89F9-AE67-49B5-ACF0-3A645C454E84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:0.711:*:*:*:*:*:*:*",
              "matchCriteriaId": "0174AF4F-9759-4762-ACF4-688E232AF1EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7D86BA1-3DC8-478C-B2FA-581F9AE1F93E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "90C9AFEE-BCD7-4B4D-8F22-98747524F17D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "175B2515-E212-4347-8C04-13E110D70C80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "BD571A4D-1D9C-4925-AE99-9128421213F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:1.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "7B553469-0D8B-48AD-8EFF-3DC469262977",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:1.0-platinum:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEE015E8-FDE1-47FA-B3E5-0DC2C0A5107D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E7BEFBD-4326-44A5-A160-9406D94AB307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:1.0.1-miles:*:*:*:*:*:*:*",
              "matchCriteriaId": "C516C041-B945-4992-8104-E20B3B6CECDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E85A88D7-07A1-4A8C-88B5-057AD9C675E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:1.0.2-blakey:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFBD4E49-EA17-4FFD-AF9C-950E542555A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF1FE320-DF71-42EC-A0F0-300F7D6D4AB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:1.2:beta:*:*:*:*:*:*",
              "matchCriteriaId": "0666BEBE-BE45-41D3-8C53-E4C9E6853C1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:1.2-delta:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F2F19C7-DD9A-4851-8788-E3E4E8CE8E79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:1.2-mingus:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4229BC-1646-4202-92B8-FC718D557518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B64D4777-2ED6-4A47-A8F3-38A3A8EB1ACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "614956CB-0582-4EAD-86F4-5AB0BB781CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A4FEB48-771B-4331-B42B-764F12A94B47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "947635DB-A86E-45F0-B946-559202C49503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "503E4894-3F39-471F-9A56-052718813BF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:1.5-strayhorn:*:*:*:*:*:*:*",
              "matchCriteriaId": "B86BC4AC-62D0-47AA-8E81-50ED0B3CB88E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "38085E5A-7B41-4E43-8A22-5FD44970F3EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:1.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF628FB8-1AC4-4F15-9967-E60785A32D1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:1.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F0BF1F6-A54A-48E8-A872-015FE10E5D03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:1.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F0B6EAC-E43D-4D1B-856F-7C23250A2355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51FAD0FC-CE84-4332-B061-75C0C8A0B6AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AEABEFD-E248-42B7-B99E-FFDEE27F7064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDCFE9AA-39E9-4366-AAB7-F7A891BC797E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAF4671A-8449-438E-922B-94E5542137BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92F05A1F-2227-4166-807B-1BDE2EA8F245",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73E23-7CD0-429C-986B-5F721F1696BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EECE66B3-3696-4E98-AF63-DF2FB256A6FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E75BB382-6B47-4C6A-BF94-80443BEB1A23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFA75368-506F-4772-B0F2-8AAECDF288F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDDD9E5C-766F-4945-B87D-781E780AB03E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A48C0BB5-2D87-49ED-A8EB-843E5F0EAE8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6AAA17D-FBB8-4F54-82E2-870D6FA5C299",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A0CAEE-5C14-44C6-85FB-6AFDAAA1C3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.0.10_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77D85664-E355-4A68-89EB-D5C9D0E6B916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.0.10_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "91243043-F4A6-40EF-97FC-989ED366394C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "66BE667A-A937-4C38-B4D5-29B33F23F7B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A3624D4-E666-4A1B-B465-714ACBA0034C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.1:alpha_3:*:*:*:*:*:*",
              "matchCriteriaId": "46B86AD1-967D-4C8E-BD31-C2A2197B1E84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A7CBC45-320E-48CF-9A63-07DDE2FB61BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "266E32CD-66FB-4E19-8091-EC748B177D8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3DD9120-2224-4612-A6EE-539F47BD50E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.1.3_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "14B0A9E4-9D09-4127-AF8B-4DA6D488E67C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.1.3_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8C667FD-BA00-43B3-8313-5A24A2DFF55A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A9FBA02-8A6A-471F-92CD-D8E77B5061C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1D97C81-A053-4D73-BEA7-CBCB5FC0CC83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B5BC7E8-4C8A-4183-AB8C-1DAE12935387",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0F9137B-D13F-488B-8196-85E06FAB682E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "82F257F4-CB62-4C6F-8866-AA253EC8C0C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.2_revision5002:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AC4F089-A606-4880-8C5D-24520B55CD14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.2_revision5003:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4F6724F-AC94-4D6B-BEB7-EF4683FD1A07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "79AB6F6F-2FE3-4FC3-9009-D40EA852711F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.3:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "94ADC624-E43E-4F1D-8525-F6903943C932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "06A25444-2680-4379-B2CA-9858B6AF71CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A82F4D88-779D-4D5D-96CD-2B31B61BA29E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.3.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4801D56C-5ED6-4648-A0C9-EB4D06786A55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0DABD9-DE15-4619-8668-0277A67F5205",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80D1CBE-DA6D-4939-A4A4-8F237C97F76C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "40BEC573-A346-4F07-8053-A5F6E92A343C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A777651-D2B2-47E0-A13C-BD667635F3E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B017F95A-90F8-4DE4-B74F-ABB712F32987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1503C4CB-5D58-4523-860C-4B637AD91CB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1253161D-F1C8-46D6-B970-20335071500E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE401B3-6291-4EA8-8800-0350BAC0B22E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress_mu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79F41AFB-596E-4FFA-AC46-E563122A9D2F",
              "versionEndIncluding": "2.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress_mu:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2912D04D-A004-4842-8EF0-B51DAAA5FD46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress_mu:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A77286DE-D583-4359-8962-439583BE9BA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress_mu:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5ED66D3-5D12-42CE-8B98-6A2984DAC7F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress_mu:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFB3E9E3-1341-4F34-B6D1-5DF9F3B1D1D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress_mu:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0EA81B6-0254-404D-8A2B-80C027383FCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress_mu:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "738C3727-FCA0-4C7B-B6D6-2FC14987706A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress_mu:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8149192C-167C-4459-8C20-355DE0FF2921",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress_mu:1.2.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EBC1B2B1-C8EE-47A4-BE44-CAC1A6CD432E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress_mu:1.2.5a:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E6D03D-0547-4CAB-A1CF-AEAC82634437",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress_mu:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF5136FA-5060-4448-9874-3DF375467ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress_mu:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FB8E4A4-818E-4FDF-8C83-7C8FB5C83909",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress_mu:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F534621-ED5F-46D0-A893-D0C6DAACB0C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress_mu:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1930525-806B-49B1-A18E-189D41E5885C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress_mu:1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "330826FD-833C-4BB4-8293-2812956496B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress_mu:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "555E7E8A-3632-416B-889E-68E98AABE8CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress_mu:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "75674DE5-229D-4359-B29C-E18BBC76E188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress_mu:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAE70A19-919A-4478-B97B-EEF9FA29BECA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress_mu:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "70524981-C0ED-4915-B0F3-A9F5D4865A34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress_mu:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E9450D1-B817-4A38-A46F-05FCB6692A8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress_mu:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AA78384-3133-442A-B135-192440FB1745",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service."
    },
    {
      "lang": "es",
      "value": "wp-admin/admin.php en WordPress y WordPress MU antes de v2.8.1 no requiere autenticaci\u00f3n administrativa para acceder a la configuraci\u00f3n de un plugin, lo cual permite a atacantes remotos especificar un archivo de configuraci\u00f3n en la p\u00e1gina de par\u00e1metros para obtener informaci\u00f3n sensible o modificar este archivo, como se demostr\u00f3 por los ficheros (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, y (5) wp-ids/ids-admin.php. NOTA: esto puede ser aprovechados para vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) y denegaci\u00f3n de servicio."
    }
  ],
  "id": "CVE-2009-2334",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-07-10T21:00:00.187",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1022528"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://wordpress.org/development/2009/07/wordpress-2-8-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1871"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.exploit-db.com/exploits/9110"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.osvdb.org/55712"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/55715"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/35584"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1833"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://corelabs.coresecurity.com/index.php?action=view\u0026type=advisory\u0026name=WordPress_Privileges_Unchecked"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1022528"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://wordpress.org/development/2009/07/wordpress-2-8-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1871"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.exploit-db.com/exploits/9110"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.osvdb.org/55712"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/55715"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/35584"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1833"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

