CVE-2008-5113Cross-Site Request Forgery in Wordpress

CWE-352Cross-Site Request Forgery9 documents6 sources
Severity
4.0MEDIUMNVD
EPSS
0.3%
top 46.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
WordpressDebian Wordpress
Timeline
PublishedNov 17
Latest updateMay 17

Description

WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection.

CVSS vector

AV:N/AC:H/C:N/I:P/A:PExploitability: 4.9 | Impact: 4.9

Affected Packages3 packages

debiandebian/wordpress< wordpress 2.5.1-10 (bookworm)
Debianwordpress/wordpress< 2.5.1-10+3

🔴Vulnerability Details

2
GHSA
GHSA-m5gr-m2fc-vhr6: WordPress 22022-05-17
OSV
CVE-2008-5113: WordPress 22008-11-17

📋Vendor Advisories

2
Red Hat
wordpress delayed attack via cookies2008-11-06
Debian
CVE-2008-5113: wordpress - WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous sit...2008

💬Community

4
Bugzilla
CVE-2008-5113 wordpress delayed attack via cookies [Fdevel]2008-11-18
Bugzilla
CVE-2008-5113 wordpress delayed attack via cookies2008-11-18
Bugzilla
CVE-2008-5113 wordpress delayed attack via cookies [F9]2008-11-18
Bugzilla
CVE-2008-5113 wordpress delayed attack via cookies [F8]2008-11-18
CVE-2008-5113 — Cross-Site Request Forgery in Wordpress | cvebase