9.8

CVE-2017-16949

Exploit

AccessPress Anonymous Post Pro <= 3.1.9 - Unauthenticated Arbitrary File Upload

An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and file-uploader/file-uploader-class.php. This allows the attacker to upload anything they want to the server, as demonstrated by an action=ap_file_upload_action&allowedExtensions[]=php request to /wp-admin/admin-ajax.php that results in a .php file upload and resultant PHP code execution.
Mögliche Gegenmaßnahme
accesspress-anonymous-post-pro: Update to version 3.2.0, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AccesspressthemesAnonymous Post Pro SwPlatformwordpress Version <= 3.1.9
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt accesspress-anonymous-post-pro
Version [*, 3.2.0)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 19.15% 0.97
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

http://packetstormsecurity.com/files/145398/Accesspress-Anonymous-Post-Pro-Unauthenticated-Arbitrary-File-Upload.html
Third Party Advisory
Exploit
VDB Entry
https://wpvulndb.com/vulnerabilities/8977
Third Party Advisory
Exploit
VDB Entry
https://www.exploit-db.com/exploits/43324/
Third Party Advisory
Exploit
VDB Entry
https://www.wordfence.com/threat-intel/vulnerabilities/id/9758a59c-4370-4b26-b32a-004565f28d76
Third Party Advisory