CVE-2012-6634Wordpress vulnerability

CWE-2644 documents4 sources
Severity
6.4MEDIUMNVD
EPSS
0.8%
top 25.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
WordpressDebian Wordpress
Timeline
PublishedJan 21
Latest updateMay 17

Description

wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages3 packages

debiandebian/wordpress< wordpress 3.4+dfsg-1 (bookworm)
Debianwordpress/wordpress< 3.4+dfsg-1+3
NVDwordpress/wordpress3.3.2+16

🔴Vulnerability Details

2
GHSA
GHSA-44pr-x897-56j8: wp-admin/media-upload2022-05-17
OSV
CVE-2012-6634: wp-admin/media-upload2014-01-21

📋Vendor Advisories

1
Debian
CVE-2012-6634: wordpress - wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to o...2012
CVE-2012-6634 — Debian Wordpress vulnerability | cvebase