CVE-2008-2146

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2008-2146

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2008-2146.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2008-2146

Downstream

DEBIAN-CVE-2008-2146

DSA-1564-1

Published

2008-05-12T20:20:00Z

Modified

2025-08-09T20:01:26Z

Summary

[none]

Details

wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATHINFO ($PHPSELF), which allows remote attackers to bypass intended access restrictions for certain pages.

References

http://trac.wordpress.org/changeset/6029
http://trac.wordpress.org/changeset?old_path=tags%2F2.2.2&old=6063&new_path=tags%2F2.2.3&new=6063#file10
http://trac.wordpress.org/ticket/4748
http://osvdb.org/45188
https://exchange.xforce.ibmcloud.com/vulnerabilities/42379

CVE-2008-2146

Affected packages