CVE-2009-2762

Published: 13/08/2009 Updated: 22/11/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 765
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass (aka rp) action, which bypasses a check that assumes that $key is not an array.
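
A defender-side check for the request shape described in the summary, as an added example that is not part of the original advisory or of WordPress: it scans web access logs for wp-login.php reset requests whose key parameter arrives in array syntax. The log lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (combined log format); the addresses
# are documentation-range placeholders, not real indicators.
SAMPLE_LOG = """\
198.51.100.7 - - [11/Aug/2009:10:01:02 +0000] "GET /wp-login.php?action=rp&key=Zx81abcDEF&login=alice HTTP/1.1" 200 2310
203.0.113.9 - - [11/Aug/2009:10:02:40 +0000] "GET /wp-login.php?action=rp&key[]= HTTP/1.1" 302 0
203.0.113.9 - - [11/Aug/2009:10:02:55 +0000] "GET /blog/wp-login.php?action=resetpass&key%5B%5D=x HTTP/1.1" 302 0
198.51.100.7 - - [11/Aug/2009:10:03:10 +0000] "GET /wp-login.php?action=lostpassword HTTP/1.1" 200 1987
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')
RESET_ACTIONS = {"rp", "resetpass"}


def is_array_key_reset(target: str) -> bool:
    """True if the request target is a wp-login.php reset action whose
    'key' parameter is sent in PHP array syntax (key[], key[0], ...)."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/wp-login.php"):
        return False
    # parse_qsl percent-decodes names, so key%5B%5D and key[] look the same.
    params = parse_qsl(parts.query, keep_blank_values=True)
    actions = {value.lower() for name, value in params if name == "action"}
    # PHP turns any name of the form key[...] into an array named $key.
    array_key = any(re.match(r"key\[[^\]]*\]", name) for name, _ in params)
    return bool(actions & RESET_ACTIONS) and array_key


def find_suspicious(log_text: str):
    """Return (client, request target) for each matching log line."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and is_array_key_reset(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits


if __name__ == "__main__":
    for client, target in find_suspicious(SAMPLE_LOG):
        print(f"array-valued reset key from {client}: {target}")
```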

Vulnerable Product

wordpress wordpress

Exploits

=============================================
- Release date: August 10th, 2009
- Discovered by: Laurent Gaffié
- Severity: Medium
=============================================

I. VULNERABILITY
-------------------------
WordPress <= 2.8.3 Remote admin reset password

II. BACKGROUND
-------------------------
WordPress is a state-of-the-art pu ...

# WordPress 261 SQL Column Truncation Vulnerability (PoC)
#
# found by irk4z[at]yahoopl
# homepage: irk4zwordpresscom/
#
# this is not critical vuln [;
#
# first, read this discovery:
# wwwsuspektorg/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities/
#
# in this hack we can remote change admin password, if registratio ...

#!/usr/bin/php
<?php
# ------------------------------------------------------------
# quick'n'dirty wordpress admin-take0ver poc
# by iso^kpsbr in august 2oo8
#
# works w/ wordpress 261
#
# oO( private -- do not spread! )Oo
#
# you'll have to make sure you run roughly the same
# php version as on the server, that is: if server
# is ...

Github Repositories

312codepath, CodePath Week 7 Assignment. Logan Louks, 11/6/2018. Directions: For this week's assignment, discover and demonstrate similar proofs-of-concept for at least an additional three (and up to five) exploits affecting an older version of WP. Submit the write-ups and walkthroughs via Github. Check out the Submitting Assignments page for more details. Be sure to include