N/A

Wordpress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php, (5) edit-link-category-form.php, (6) edit-tag-form.php, (7) export.php, (8) import.php, or (9) link-add.php in wp-admin/.

N/A

N/A

WordPress 权限许可和访问控制漏洞

WordPress是一种使用PHP语言开发的博客平台，用户可以在支持PHP和MySQL 数据库的服务器上架设自己的网志。 Wordpress 2.8.3之前的版本没有检查某些操作所需要的性能，这使得远程攻击者可以借助对wp-admin/中的(1)edit-comments.php，(2)edit-pages.php，(3)edit.php，(4)edit-category-form.php，(5)edit-link-category-form.php，(6)edit-tag-form.php，(7)exp

N/A

N/A