8.8

CVE-2019-8942

Exploit

WordPress Core < 5.0.1 - Remote Code Execution

WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.
Mögliche Gegenmaßnahme
WordPress: Update to one of the following versions, or a newer patched version: 3.7.28, 3.8.28, 3.9.26, 4.0.25, 4.1.25, 4.2.22, 4.3.18, 4.4.17, 4.5.16, 4.6.13, 4.7.12, 4.8.8, 4.9.9, 5.0.1
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WordpressWordpress Version < 4.9.9
WordpressWordpress Version5.0 Update-
WordpressWordpress Version5.0 Updatebeta1
WordpressWordpress Version5.0 Updatebeta2
WordpressWordpress Version5.0 Updatebeta3
WordpressWordpress Version5.0 Updatebeta4
WordpressWordpress Version5.0 Updatebeta5
WordpressWordpress Version5.0 Updaterc1
WordpressWordpress Version5.0 Updaterc2
WordpressWordpress Version5.0 Updaterc3
DebianDebian Linux Version9.0
Weitere Schwachstelleninformationen
SystemWordPress Core
Produkt WordPress
Version [*, 3.7)
Version 3.7-3.7.27
Version 3.8-3.8.27
Version 3.9-3.9.25
Version 4.0-4.0.24
Version 4.1-4.1.24
Version 4.2-4.2.21
Version 4.3-4.3.17
Version 4.4-4.4.16
Version 4.5-4.5.15
Version 4.6-4.6.12
Version 4.7-4.7.11
Version 4.8-4.8.7
Version 4.9-4.9.8
Version 5.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 82.74% 0.996
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://www.debian.org/security/2019/dsa-4401
Third Party Advisory
http://packetstormsecurity.com/files/152396/WordPress-5.0.0-crop-image-Shell-Upload.html
Third Party Advisory
Exploit
VDB Entry
http://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce
Third Party Advisory
Exploit
http://www.securityfocus.com/bid/107088
Third Party Advisory
VDB Entry
https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
Third Party Advisory
Exploit
https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html
Third Party Advisory
Exploit
https://wpvulndb.com/vulnerabilities/9222
Third Party Advisory
https://www.exploit-db.com/exploits/46511/
Third Party Advisory
Exploit
VDB Entry
https://www.exploit-db.com/exploits/46662/
Third Party Advisory
Exploit
VDB Entry
https://www.wordfence.com/threat-intel/vulnerabilities/id/506d1518-658f-4deb-9c30-d0bce5ef9df4
Third Party Advisory