PT-2018-9525 · WordPress · Wordpress

Orange Tsai

+2

·

Publicado

2018-09-06

·

Atualizado

2018-11-14

·

CVE-2018-1000773

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions WordPress versions prior to 4.9.9
Description The issue is related to a CWE-20 Input Validation problem in thumbnail processing, which can lead to remote code execution. This can be exploited via thumbnail upload by an authenticated user. It may require additional plugins to be exploited, although this has not been confirmed.
Recommendations For WordPress versions prior to 4.9.9, update to version 4.9.9 or later to resolve the issue.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2018-1000773

Produtos afetados

Wordpress