CVE-2010-5297

Sažetak

WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.

Reference

http://codex.wordpress.org/Changelog/3.0.1
http://core.trac.wordpress.org/query?status=closed&group=resolution&order=priority&milestone=3.0.1&resolution=fixed
https://core.trac.wordpress.org/changeset/15342
https://core.trac.wordpress.org/ticket/14119

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:H/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

21-01-2014 - 17:28

Objavljeno

21-01-2014 - 01:55