Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-8942

WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.

Published

2019-02-20T03:29:00.250

Last Modified

2024-11-21T04:50:42.360

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-434

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	wordpress	wordpress	< 4.9.9	Yes
Application	wordpress	wordpress	5.0	Yes
Application	wordpress	wordpress	5.0	Yes
Application	wordpress	wordpress	5.0	Yes
Application	wordpress	wordpress	5.0	Yes
Application	wordpress	wordpress	5.0	Yes
Application	wordpress	wordpress	5.0	Yes
Application	wordpress	wordpress	5.0	Yes
Application	wordpress	wordpress	5.0	Yes
Application	wordpress	wordpress	5.0	Yes
Operating System	debian	debian_linux	9.0	Yes

References

http://packetstormsecurity.com/files/152396/WordPress-5.0.0-crop-image-Shell-Upload.html Exploit, Third Party Advisory, VDB Entry ([email protected])
http://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce Exploit, Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/107088 Third Party Advisory, VDB Entry ([email protected])
https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/ Exploit, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html Exploit, Third Party Advisory ([email protected])
https://wpvulndb.com/vulnerabilities/9222 Third Party Advisory ([email protected])
https://www.debian.org/security/2019/dsa-4401 Third Party Advisory ([email protected])
https://www.exploit-db.com/exploits/46511/ Exploit, Third Party Advisory, VDB Entry ([email protected])
https://www.exploit-db.com/exploits/46662/ Exploit, Third Party Advisory, VDB Entry ([email protected])
http://packetstormsecurity.com/files/152396/WordPress-5.0.0-crop-image-Shell-Upload.html Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/107088 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/ Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://wpvulndb.com/vulnerabilities/9222 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2019/dsa-4401 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/46511/ Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/46662/ Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)