[wp-trac] Re: [WordPress Trac] #3142: user_edit.php vulnerable: User can spy out metadata of other users
WordPress Trac
wp-trac at lists.automattic.com
Sat Sep 23 13:04:54 GMT 2006
#3142: user_edit.php vulnerable: User can spy out metadata of other users
-------------------------------+--------------------------------------------
 Reporter:  adapter             |       Owner:  anonymous
     Type:  defect              |      Status:  closed
 Priority:  high                |   Milestone:  2.1
Component:  Administration      |     Version:  2.0.4
 Severity:  major               |  Resolution:  fixed
 Keywords:  bug vulnerability   |
-------------------------------+--------------------------------------------
Changes (by adapter):

  * resolution:  => fixed
  * status:  new => closed
Comment:
Thanks foolswisdom. You're right. This bug was caused by my-hacks.php. In
one of my blogs I've implemented user-tracking functions, and there I'm
using $user_id for the ID of the user logged in. Sorry!
But I'm running several installations of WordPress, some of them without
any changes, and in all of them you can spy out user data.
But it's easy to patch: add this line of code at line 71 of user-edit.php:
{{{
<?php
// Guard for user-edit.php: only users holding the edit_users capability
// may go on to view or edit another user's record; everyone else gets the
// admin footer and the request ends here.
if ( ! current_user_can( 'edit_users' ) ) {
    include( 'admin-footer.php' );
    die();
}
?>
}}}
--
Ticket URL: <http://trac.wordpress.org/ticket/3142>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
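The check the ticket adds, shown as an added illustration rather than the ticket's patch or WordPress's own code: a page that reads a user ID from the request and serves that user's metadata without first asking whether the acting user is allowed to see it, next to the same page with the capability check in front of the read. The example runs stand-alone on a constructed in-memory user table; every name beginning with `demo_` is an assumption made here, while `current_user_can()` and the `edit_users` capability are the real WordPress names the ticket refers to. It goes one step beyond the ticket's guard by also letting a user read their own record, which is a design choice of this example, not something the ticket states.

```php
<?php
// Added example (not the ticket's patch): the authorization check that must
// sit between "which user_id did the request name?" and "read that user's
// metadata". Modelled on an in-memory table so it runs without WordPress.

// Constructed sample data: user ID => login, capabilities, and profile metadata.
$demo_users = [
    1 => ['login' => 'admin', 'caps' => ['edit_users' => true],
          'meta' => ['email' => 'admin@example.test']],
    2 => ['login' => 'alice', 'caps' => [],
          'meta' => ['email' => 'alice@example.test', 'aim' => 'alice_im']],
    3 => ['login' => 'bob',   'caps' => [],
          'meta' => ['email' => 'bob@example.test']],
];

// Stand-in for WordPress's current_user_can(): does the acting user hold $cap?
function demo_current_user_can(array $users, int $acting_id, string $cap): bool
{
    return !empty($users[$acting_id]['caps'][$cap]);
}

// Vulnerable shape described in the ticket: the target ID comes straight from
// the request ($_GET['user_id'] in the real page) and nothing checks whether
// the acting user may look at that record before its metadata is returned.
function demo_view_profile_unchecked(array $users, int $acting_id, int $target_id): ?array
{
    return $users[$target_id]['meta'] ?? null;
}

// Hardened shape: reading someone else's record requires edit_users (the
// guard the ticket adds); reading your own record is allowed (this example's
// extension). Returning null is where user-edit.php includes admin-footer.php
// and calls die().
function demo_view_profile_checked(array $users, int $acting_id, int $target_id): ?array
{
    $is_self = ($target_id === $acting_id);
    if (!$is_self && !demo_current_user_can($users, $acting_id, 'edit_users')) {
        return null;
    }
    return $users[$target_id]['meta'] ?? null;
}

// Alice (ID 2, no edit_users) names Bob (ID 3) in the request.
var_dump(demo_view_profile_unchecked($demo_users, 2, 3)); // unchecked page hands Alice Bob's record
var_dump(demo_view_profile_checked($demo_users, 2, 3));   // checked page refuses: Alice lacks edit_users
var_dump(demo_view_profile_checked($demo_users, 2, 2));   // checked page still serves Alice her own record
var_dump(demo_view_profile_checked($demo_users, 1, 3));   // admin (ID 1) holds edit_users, so Bob's record is served
```

The point the comparison makes is that the target ID being an integer, or coming from a logged-in session, is irrelevant: the defect is the missing capability check between parsing `user_id` and reading the row, so the fix belongs at exactly that point and before any output is produced.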