Description

wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to upgrade the application, and possibly cause a denial of service (application outage), via a direct request.

Remediation

References

CVE-2008-6767

Related Vulnerabilities

WordPress Plugin Question Answer Multiple Cross-Site Scripting Vulnerabilities (1.2.30)

WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (5.2.2)

WordPress Plugin Lingotek Translation Multiple Cross-Site Scripting Vulnerabilities (1.1.8)

Apache Tomcat Other Vulnerability (CVE-2011-2481)

phpMyAdmin Other Vulnerability (CVE-2007-2016)

Severity

Critical

Classification

CVE-2008-6767

Tags

Missing Update Known Vulnerabilities