WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an…
mitre·CWE-434·Published 2019-02-20
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.
WordPress, en versiones anteriores a la 4.99 y en las 5.x anteriores a la 5.0.1, permite la ejecución remota de código debido a que una entrada "Post Meta" _wp_attached_file puede modificarse a una cadena arbitraria, como uno que termina en una subcadena ".jpg?file.php". Un atacante con privilegios de autor puede ejecutar código arbitrario subiendo una imagen manipulada que contiene código PHP en los metadatos Exif. Su explotación exitosa puede aprovechar el CVE-2019-8943.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 6.5 | 8.0 | 6.4 | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| 3.0 | Primary | NVD | 8.8 | 2.8 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |