Back to search
CVE-2008-5113
Published: Nov 17, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
DSA-1871
vendor-advisory
x_refsource_DEBIAN
http://bugs.debian.org/504771
x_refsource_CONFIRM
wordpress-request-weak-security(46698)
vdb-entry
x_refsource_XF
[oss-security] 20081113 CVE request: wordpress can be subject of delayed attacks via cookies
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now