CVE-2008-6767Wordpress vulnerability

4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
0.7%
top 27.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
WordpressDebian Wordpress
Timeline
PublishedApr 28
Latest updateMay 17

Description

wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to upgrade the application, and possibly cause a denial of service (application outage), via a direct request.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

debiandebian/wordpress< wordpress 2.8.3-1 (bookworm)
Debianwordpress/wordpress< 2.8.3-1+3

🔴Vulnerability Details

2
GHSA
GHSA-xvh9-mfm3-cvfq: wp-admin/upgrade2022-05-17
OSV
CVE-2008-6767: wp-admin/upgrade2009-04-28

📋Vendor Advisories

1
Debian
CVE-2008-6767: wordpress - wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to up...2008
CVE-2008-6767 — Debian Wordpress vulnerability | cvebase