CVE-2008-2146

EPSS 0.58%

Published: 5/12/2008Modified: 5/27/2026

Description

wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages.

Affected packages (1)

Debian/wordpressfrom 0, < 2.2.3-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2008-2146