Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2009-2762
Analyzed
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-13 Aug, 2009 | 16:30
Updated At-22 Nov, 2017 | 17:17

wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass (aka rp) action, which bypasses a check that assumes that $key is not an array.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
WordPress.org
wordpress
>>wordpress>>Versions up to 2.8.3(inclusive)
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-255Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0114.htmlcve@mitre.org
Broken Link
http://core.trac.wordpress.org/changeset/11798cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/36237cve@mitre.org
Third Party Advisory
http://wordpress.org/development/2009/08/2-8-4-security-release/cve@mitre.org
Patch
Vendor Advisory
http://www.exploit-db.com/exploits/9410cve@mitre.org
Exploit
Third Party Advisory
http://www.securityfocus.com/bid/36014cve@mitre.org
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1022707cve@mitre.org
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/52382cve@mitre.org
Third Party Advisory
VDB Entry
Change History
0Changes found
Details not found