[wp-trac] [WordPress Trac] #3142: user_edit.php vulnerable: User
can spy out metadata of other users
WordPress Trac
wp-trac at lists.automattic.com
Mon Sep 18 14:02:28 GMT 2006
#3142: user_edit.php vulnerable: User can spy out metadata of other users
----------------------------+-----------------------------------------------
 Reporter:  adapter         |       Owner:  anonymous
     Type:  defect          |      Status:  new
 Priority:  high            |   Milestone:
Component:  Administration  |     Version:  2.0.4
 Severity:  major           |    Keywords:  bug vulnerability
----------------------------+-----------------------------------------------
Every logged-in user can spy out the metadata of all other users by typing
in the URL /wp-admin/user-edit.php?user_id=XXX, irrespective of whether he
has the right to do this or not. If not, the error message "You do not have
permission to edit this user." will in fact be shown, but after that
message the complete form with all data will also be shown.
--
Ticket URL: <http://trac.wordpress.org/ticket/3142>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
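
The pattern reported above (a failed permission check that only prints a message while the page keeps rendering), shown beside a corrected form. This is an added example, not code from the ticket or from WordPress; the user records, can_edit_user(), render_form() and both page functions are hypothetical.

```php
<?php
// Constructed sample data; all names and fields are hypothetical.
$users = [
    1 => ['login' => 'admin', 'email' => 'admin@example.org', 'role' => 'administrator'],
    2 => ['login' => 'alice', 'email' => 'alice@example.org', 'role' => 'subscriber'],
];

// Assumed rule: administrators may edit anyone, other users only themselves.
function can_edit_user(array $users, int $actorId, int $targetId): bool {
    return $actorId === $targetId
        || ($users[$actorId]['role'] ?? '') === 'administrator';
}

function render_form(array $user): string {
    return sprintf("<input name=\"login\" value=\"%s\">\n<input name=\"email\" value=\"%s\">\n",
        htmlspecialchars($user['login']), htmlspecialchars($user['email']));
}

// Flawed: the failed check only adds an error message; the form still renders.
function edit_page_flawed(array $users, int $actorId, int $targetId): string {
    $out = '';
    if (!can_edit_user($users, $actorId, $targetId)) {
        $out .= "<p class=\"error\">You do not have permission to edit this user.</p>\n";
    }
    return $out . render_form($users[$targetId]);
}

// Corrected: deny and return before any of the target's data is rendered.
function edit_page_fixed(array $users, int $actorId, int $targetId): string {
    if (!isset($users[$targetId]) || !can_edit_user($users, $actorId, $targetId)) {
        http_response_code(403);
        return "<p class=\"error\">You do not have permission to edit this user.</p>\n";
    }
    return render_form($users[$targetId]);
}

// The subscriber (id 2) requests the administrator's edit page (id 1).
foreach (['flawed' => 'edit_page_flawed', 'fixed' => 'edit_page_fixed'] as $name => $fn) {
    $html = $fn($users, 2, 1);
    $leaks = strpos($html, 'admin@example.org') !== false;
    printf("%s: target's email present in response = %s\n", $name, $leaks ? 'yes' : 'no');
}
```

A regression test for this class of bug should assert on the response body of a denied request, not only on the presence of the error message.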