Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-y7g6-dm2h-p7ax
Vulnerability ID VCID-y7g6-dm2h-p7ax
Aliases CVE-2008-2146
Summary wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00583 https://api.first.org/data/v1/epss?cve=CVE-2008-2146
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2008-2146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2146
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.69298
EPSS Score 0.00583
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T13:40:56.754737+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0