CVE-2019-8943

CVE Database · CVE-2019-8943

CVE-2019-8943

· MEDIUMModified

CVSS v3.1

6.5

EPSS

91.98%

Published

Feb 20, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (4)

All weaponized →

Exploit-DBWordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)Exploit-DBWordPress Core 5.0 - Remote Code Execution NucleiNuclei detection template TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Weaknesses (CWE)

CWE-22

Affected Products (1)

wordpress · wordpressvulnerable

References (14)

http://packetstormsecurity.com/files/152396/WordPress-5.0.0-crop-image-Shell-Upload.html

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/161213/WordPress-5.0.0-Remote-Code-Execution.html

ExploitThird Party AdvisoryVDB Entry

http://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce

ExploitThird Party Advisory

http://www.securityfocus.com/bid/107089

Third Party AdvisoryVDB Entry

https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/

KEV Catalog EPSS Scores Vendors All CVEs