WordPress-MU Wp-login.php Security Bypass Vulnerability Network Vulnerability

Summary

The host is running WordPres-MU and is prone to Security Bypass vulnerability.

Impact

Attackers can exploit this issue to bypass security restrictions and change the administrative password. Impact Level: Application

Solution

Update to Version 2.8.4 http://mu.wordpress.org/download/

Insight

The flaw is due to an error in the wp-login.php script password reset mechanism which can be exploited by passing an array variable in a resetpass (aka rp) action.

Affected

WordPress-MU version prior to 2.8.4 on all running platform.

References

http://wordpress.org/development/2009/08/2-8-4-security-release/
http://xforce.iss.net/xforce/xfdb/52382

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-2762
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ApPHP MicroBlog Remote Code Execution Vulnerability
AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability
Apache Tomcat /servlet Cross Site Scripting
ATutor password reminder SQL injection
Agora CGI Cross Site Scripting

WordPress-MU wp-login.php Security Bypass Vulnerability

Take action and discover your vulnerabilities