9.8

CVE-2020-28037

WordPress Core < 5.5.2 - Misconfiguration That Allows Trigger of New Installation

is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation).
Mögliche Gegenmaßnahme
WordPress: Update to one of the following versions, or a newer patched version: 3.7.35, 3.8.35, 3.9.33, 4.0.32, 4.1.32, 4.2.29, 4.3.25, 4.4.24, 4.5.23, 4.6.20, 4.7.19, 4.8.15, 4.9.16, 5.0.11, 5.1.7, 5.2.8, 5.3.5, 5.4.3, 5.5.2
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WordpressWordpress Version < 5.5.2
FedoraprojectFedora Version31
FedoraprojectFedora Version32
FedoraprojectFedora Version33
DebianDebian Linux Version10.0
Weitere Schwachstelleninformationen
SystemWordPress Core
Produkt WordPress
Version [*, 3.7)
Version 3.7-3.7.34
Version 3.8-3.8.34
Version 3.9-3.9.32
Version 4.0-4.0.31
Version 4.1-4.1.31
Version 4.2-4.2.28
Version 4.3-4.3.24
Version 4.4-4.4.23
Version 4.5-4.5.22
Version 4.6-4.6.19
Version 4.7-4.7.18
Version 4.8-4.8.14
Version 4.9-4.9.15
Version 5.0-5.0.10
Version 5.1-5.1.6
Version 5.2-5.2.7
Version 5.3-5.3.4
Version 5.4-5.4.2
Version 5.5-5.5.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.74% 0.939
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y/
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
Vendor Advisory
Release Notes
https://www.debian.org/security/2020/dsa-4784
Third Party Advisory
https://github.com/WordPress/wordpress-develop/commit/2ca15d1e5ce70493c5c0c096ca0c76503d6da07c
Patch
Third Party Advisory
https://wpscan.com/vulnerability/10450
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/b13f6a3f-cab6-4aff-a96e-58250fcf655a
Third Party Advisory