Description

vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR'].

Remediation

References

CVE-2006-2702

Related Vulnerabilities

Django Improper Input Validation Vulnerability (CVE-2011-4136)

IBM WebSEAL Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-4661)

Liferay Portal Deserialization of Untrusted Data Vulnerability (CVE-2020-15842)

WordPress Plugin YaMaps for WordPress Cross-Site Scripting (0.6.25)

WordPress Plugin Simple File List Cross-Site Scripting (4.4.11)

Severity

Medium

Classification

CVE-2006-2702

Tags

Missing Update Known Vulnerabilities