CVE-2008-5113

Published: Nov 17, 2008Modified: Apr 23, 2026

4.0

Vector

AV:N/AC:H/Au:N/C:N/I:P/A:P

Exploitability: 4.9 / Impact: 4.9

Source: NVD

Description

WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection.

Affected (1)

Products: Wordpress: Wordpress

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wordpress Wordpress	Version 2.6.3

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (8)

http://bugs.debian.org/504771

Source: cve@mitre.org

http://openwall.com/lists/oss-security/2008/11/14/1

Source: cve@mitre.org

http://www.debian.org/security/2009/dsa-1871

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/46698

Source: cve@mitre.org

http://bugs.debian.org/504771

Source: af854a3a-2127-422b-91ae-364da2661108

http://openwall.com/lists/oss-security/2008/11/14/1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2009/dsa-1871

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/46698

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.