CVE-2014-9037 Information
Share on:
Feb 14, 2021
cve
Description
WordPress before 3.7.5 3.8.x before 3.8.5 3.9.x before 3.9.3 and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.
Reference
http://advisories.mageia.org/MGASA-2014-0493.html http://openwall.com/lists/oss-security/2014/11/25/12 http://www.debian.org/security/2014/dsa-3085 http://www.mandriva.com/security/advisories?name=MDVSA-2014:233 http://www.securitytracker.com/id/1031243 https://wordpress.org/news/2014/11/wordpress-4-0-1/