CVE-2008-5113

描述

WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection.

如何修補 CVE-2008-5113

要修補 CVE-2008-5113,請將受影響套件升級到下列已修補版本。

• Debian/wordpress—升級至 2.5.1-10 或更新版本

CVE-2008-5113 正在被利用嗎?

低 — EPSS 為 0.3%,目前沒有觀察到大規模利用活動。

受影響套件(1)

• from 0, < 2.5.1-10

參考連結(1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2008-5113