7.2

CVE-2018-14028

EPSS 2.51%
Veröffentlicht 10.08.2018 16:29:00
Zuletzt bearbeitet 21.11.2024 03:48:28
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

WordPress Core < 6.4.3 - Authenticated(Administrator+) PHP File Upload

In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then execute the file. This represents a security risk in limited scenarios where an attacker (who does have the required capabilities for plugin uploads) cannot simply place arbitrary PHP code into a valid plugin ZIP file and upload that plugin, because a machine's wp-content/plugins directory permissions were set up to block all new plugins.

Mögliche Gegenmaßnahme

WordPress: Update to one of the following versions, or a newer patched version: 4.1.40, 4.2.37, 4.3.33, 4.4.32, 4.5.31, 4.6.28, 4.7.28, 4.8.24, 4.9.25, 5.0.21, 5.1.18, 5.2.20, 5.3.17, 5.4.15, 5.5.14, 5.6.13, 5.7.11, 5.8.9, 5.9.9, 6.0.7, 6.1.5, 6.2.4, 6.3.3, 6.4.3

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Weitere Schwachstelleninformationen

SystemWordPress Core

≫

Produkt WordPress

Version [*, 4.1)

Version 4.1 - 4.1.39

Version 4.2 - 4.2.36

Version 4.3 - 4.3.32

Version 4.4 - 4.4.31

Version 4.5 - 4.5.30

Version 4.6 - 4.6.27

Version 4.7 - 4.7.27

Version 4.8 - 4.8.23

Version 4.9 - 4.9.24

Version 5.0 - 5.0.20

Version 5.1 - 5.1.17

Version 5.2 - 5.2.19

Version 5.3 - 5.3.16

Version 5.4 - 5.4.14

Version 5.5 - 5.5.13

Version 5.6 - 5.6.12

Version 5.7 - 5.7.10

Version 5.8 - 5.8.8

Version 5.9 - 5.9.8

Version 6.0 - 6.0.6

Version 6.1 - 6.1.4

Version 6.2 - 6.2.3

Version 6.3 - 6.3.2

Version 6.4 - 6.4.2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wordpress ≫ Wordpress Version4.9.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.51%	0.848

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

http://www.securityfocus.com/bid/105060

Third Party Advisory

VDB Entry

https://core.trac.wordpress.org/ticket/44710

Third Party Advisory

https://github.com/rastating/wordpress-exploit-framework/pull/52

Third Party Advisory

https://rastating.github.io/unrestricted-file-upload-via-plugin-uploader-in-wordpress/

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/0a6707ef-aab7-449c-8160-034bc188a998

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-14028

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-14028

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-14028

EUVD