Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-6762

Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter.

Related bugs and status

CVE-2008-6762 (Candidate) is related to these bugs:

Bug #227547: ubuntu wordpress should suppress the "please update" warning

		In	Importance	Status
227547	ubuntu wordpress should suppress the "please update" warning	wordpress (Ubuntu)	Wishlist	Fix Released
227547	ubuntu wordpress should suppress the "please update" warning	wordpress (Debian)	Undecided	Fix Released
227547	ubuntu wordpress should suppress the "please update" warning	wordpress (Ubuntu Intrepid)	Undecided	Fix Released
227547	ubuntu wordpress should suppress the "please update" warning	wordpress (Ubuntu Hardy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

BUGTRAQ: 20081222 [ISecAuditors...
OSVDB: 52213
DEBIAN: DSA-1871
XF: wordpress-upgrade-phis...