CVE-2006-2702: WordPress vulnerability

4 documents, 4 sources
Severity
5.0 MEDIUM (NVD)
EPSS
1.4%
top 19.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 31
Latest update: May 1

Description

vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR'].

CVSS vector

AV:N/AC:L/C:N/I:P/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (3 packages)

debian: debian/wordpress < wordpress 2.0.3-1 (bookworm)
Debian: wordpress/wordpress < 2.0.3-1+3

🔴 Vulnerability Details

2
GHSA
GHSA-x43j-vqrc-93c4: vars (2022-05-01)
OSV
CVE-2006-2702: vars (2006-05-31)

📋 Vendor Advisories

1
Debian
CVE-2006-2702: wordpress - vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote at... (2006)