Updated CVE 2014 0165 (markdown)
Ryan Dewhurst
@@ -1,9 +1,17 @@
|
||||
From the researcher (edik) who found the vulnerability:
|
||||
|
||||
Using the bulk edit feature you can publish posts and pages PUBLICLY without the publishing-cap. The problem is that there are no checks for publishing-cap's on serverside. It's only protected in UI.
|
||||
|
||||
How to reproduce:
|
||||
|
||||
1. Login as contributor
|
||||
|
||||
2. Create a draft post
|
||||
|
||||
3. Mark the draft in post list and open the bulk edit form
|
||||
4. Make use of tools like Firebug to change a value in the status dropdown. You have to set the value of an entry to 'publish'
|
||||
5. Select the changed status entry
|
||||
6. Push the button and welcome to the next level
|
||||
|
||||
4. Make use of tools like Firebug to change a value in the status dropdown. You have to set the value of an entry to 'publish'
|
||||
|
||||
5. Select the changed status entry
|
||||
|
||||
6. Push the button and welcome to the next level
|
||||
|
||||
Reference in New Issue
Block a user