CVE-2018-0587

EPSS 1.08%
Veröffentlicht 14.05.2018 13:29:02
Zuletzt bearbeitet 21.11.2024 03:38:32
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

Ultimate Member <= 2.0.3 - Unauthorized Image File Upload

Ultimate Member < 2.0.4 - Authenticated Unrestricted File Upload

Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors.

Mögliche Gegenmaßnahme

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin: Update to version 2.0.4, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ultimatemember ≫ User Profile & Membership SwPlatformwordpress Version < 2.0.4

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Version *-2.0.3

SystemWordPress Plugin

≫

Produkt Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Version [*, 2.0.4)

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.08%	0.606

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://wordpress.org/plugins/ultimate-member/#developers

Release Notes

http://jvn.jp/en/jp/JVN28804532/index.html

Third Party Advisory

https://wpvulndb.com/vulnerabilities/9608

https://www.wordfence.com/threat-intel/vulnerabilities/id/5e75e877-14e6-4e51-b435-d78f8ab95d12

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/bc2af96c-09c5-4ddf-a910-04291aeeef49

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-0587

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-0587

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-0587

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-0587