

Ticket #10735: 009CVE2008-6767.patch

File 009CVE2008-6767.patch, 1.2 KB (added by Derevko, 6 years ago)

Only an administrator can upgrade WordPress. (CVE-2008-6767)

  • wp-admin/upgrade.php

    Author: Giuseppe Iuculano <giuseppe@iuculano.it>
    Description: Only admin can upgrade wordpress. (CVE-2008-6767) (Closes: #531736)
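--- a/wp-admin/upgrade.php
+++ b/wp-admin/upgrade.php
@@ -16,6 +16,8 @@ define( 'WP_INSTALLING', true );
 
 /** Load WordPress Bootstrap */
 require( '../wp-load.php' );
+if(!current_user_can('level_10'))
+        wp_safe_redirect('../wp-login.php?upgrade');
 
 timer_start();
 require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );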
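Review bot: The redirect added at new lines 19–20 is not followed by `exit`, so a request from a non-admin user only gains a Location header while the rest of upgrade.php (timer_start() and the upgrade routine loaded right below) keeps executing — the capability check does not actually stop the upgrade. Change the guard to `if ( ! current_user_can( 'level_10' ) ) { wp_safe_redirect( '../wp-login.php?upgrade' ); exit; }`. `level_10` is a legacy user-level name; a named capability such as `manage_options` would be more robust if the target version supports it, but that cannot be confirmed from the hunk. The file continues outside the hunk, so any later early-exit that might cover this is not visible here.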
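--- a/wp-login.php
+++ b/wp-login.php
@@ -494,6 +494,7 @@ default:
         elseif  ( isset($_GET['checkemail']) && 'confirm' == $_GET['checkemail'] )      $errors->add('confirm', __('Check your e-mail for the confirmation link.'), 'message');
         elseif  ( isset($_GET['checkemail']) && 'newpass' == $_GET['checkemail'] )      $errors->add('newpass', __('Check your e-mail for your new password.'), 'message');
         elseif  ( isset($_GET['checkemail']) && 'registered' == $_GET['checkemail'] )   $errors->add('registered', __('Registration complete. Please check your e-mail.'), 'message');
+        elseif  ( isset($_GET['upgrade'])) $errors->add('upgrade', __('Upgrade is needed, please log in with an admin account.'), 'message');
 
         login_header(__('Log In'), '', $errors);
 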
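Review bot: The new branch at line 497 shows "Upgrade is needed" whenever the `upgrade` query parameter is present, with no check that an upgrade is actually pending, so any visitor can make the login page display the message. This follows the pattern of the neighbouring `checkemail` branches, so it may be acceptable; if a truthful message is wanted, gate it on the same condition the admin side uses, `get_option('db_version') != $wp_db_version`, with `global $wp_db_version;` in scope. The surrounding `default:` case starts and ends outside the hunk.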