CVE-2008-2146
EPSS 0.58%
Description
wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages.
How to fix CVE-2008-2146
To remediate CVE-2008-2146, upgrade the affected package to a fixed version below.
- Debian/wordpress—upgrade to 2.2.3-1 or later
Is CVE-2008-2146 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.2.3-1