Description

vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR'].

Remediation

References

CVE-2006-2702

Related Vulnerabilities

WordPress Cross-Site Request Forgery (0.70 - 3.6.1)

XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-40572)

WordPress Plugin WordPress Download Manager Cross-Site Scripting (2.9.51)

WordPress Plugin Ibtana-Ecommerce Product Addons Cross-Site Scripting (0.2.3)

Plone CMS Improper Input Validation Vulnerability (CVE-2011-4462)

Severity

Medium

Classification

CVE-2006-2702

Tags

Missing Update Known Vulnerabilities