Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2011-0701 | First vendor Publication | 2011-03-14 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:S/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 4 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0701 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-200 | Information Exposure |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:12966 | |||
| Oval ID: | oval:org.mitre.oval:def:12966 | ||
| Title: | DSA-2190-1 wordpress -- several | ||
| Description: | Two XSS bugs and one potential information disclosure issue were discovered in wordpress, a weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-0700 Input passed via the post title when performing a "Quick Edit" or "Bulk Edit" action and via the "post_status", "comment_status", and "ping_status" parameters is not properly sanitised before being used. Certain input passed via tags in the tags meta-box is not properly sanitised before being returned to the user. CVE-2011-0701 Wordpress incorrectly enforces user access restrictions when accessing posts via the media uploader and can be exploited to disclose the contents of e.g. private or draft posts. The oldstable distribution is not affected by these problems. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2190-1 CVE-2011-0700 CVE-2011-0701 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | wordpress |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-09-22 | Name : Fedora Update for wordpress FEDORA-2012-13412 File : nvt/gb_fedora_2012_13412_wordpress_fc17.nasl |
| 2012-09-22 | Name : Fedora Update for wordpress FEDORA-2012-13488 File : nvt/gb_fedora_2012_13488_wordpress_fc16.nasl |
| 2012-08-30 | Name : Fedora Update for wordpress FEDORA-2012-6494 File : nvt/gb_fedora_2012_6494_wordpress_fc17.nasl |
| 2012-05-14 | Name : Fedora Update for wordpress FEDORA-2012-6511 File : nvt/gb_fedora_2012_6511_wordpress_fc15.nasl |
| 2012-05-14 | Name : Fedora Update for wordpress FEDORA-2012-6542 File : nvt/gb_fedora_2012_6542_wordpress_fc16.nasl |
| 2011-05-12 | Name : Debian Security Advisory DSA 2190-1 (wordpress) File : nvt/deb_2190_1.nasl |
| 2011-04-01 | Name : Fedora Update for wordpress FEDORA-2011-3738 File : nvt/gb_fedora_2011_3738_wordpress_fc13.nasl |
| 2011-04-01 | Name : Fedora Update for wordpress FEDORA-2011-3746 File : nvt/gb_fedora_2011_3746_wordpress_fc14.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 72765 | WordPress wp-admin/async-upload.php attachment_id Parameter Arbitrary Draft /... |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2011-03-30 | Name : The remote Fedora host is missing a security update. File : fedora_2011-3738.nasl - Type : ACT_GATHER_INFO |
| 2011-03-30 | Name : The remote Fedora host is missing a security update. File : fedora_2011-3746.nasl - Type : ACT_GATHER_INFO |
| 2011-03-22 | Name : The remote Fedora host is missing a security update. File : fedora_2011-3408.nasl - Type : ACT_GATHER_INFO |
| 2011-03-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2190.nasl - Type : ACT_GATHER_INFO |
| 2011-02-10 | Name : The remote web server contains a PHP application with multiple vulnerabilities. File : wordpress_3_0_5.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:05:42 |
|
| 2024-11-28 12:24:48 |
|
| 2024-08-02 12:15:52 |
|
| 2024-08-02 01:04:22 |
|
| 2024-02-02 01:15:24 |
|
| 2024-02-01 12:04:17 |
|
| 2023-09-05 12:14:24 |
|
| 2023-09-05 01:04:09 |
|
| 2023-09-02 12:14:27 |
|
| 2023-09-02 01:04:12 |
|
| 2023-08-12 12:17:23 |
|
| 2023-08-12 01:04:13 |
|
| 2023-08-11 12:14:32 |
|
| 2023-08-11 01:04:21 |
|
| 2023-08-06 12:13:58 |
|
| 2023-08-06 01:04:14 |
|
| 2023-08-04 12:14:03 |
|
| 2023-08-04 01:04:15 |
|
| 2023-07-14 12:14:01 |
|
| 2023-07-14 01:04:12 |
|
| 2023-03-29 01:15:57 |
|
| 2023-03-28 12:04:18 |
|
| 2022-10-11 12:12:30 |
|
| 2022-10-11 01:03:59 |
|
| 2021-05-04 12:13:59 |
|
| 2021-04-22 01:15:09 |
|
| 2020-05-23 01:43:52 |
|
| 2020-05-23 00:27:47 |
|
| 2019-06-11 12:03:46 |
|
| 2019-02-28 12:03:31 |
|
| 2017-11-22 21:22:37 |
|
| 2017-11-21 12:02:59 |
|
| 2016-04-26 20:32:45 |
|
| 2014-02-17 11:00:27 |
|
| 2013-05-10 22:54:32 |
|
