Here's the page we think you wanted. See search results instead:

Toggle Menu

Chat Live

Confirm Your Country or Area

Please Confirm

Confirm your country to access relevant pricing, special offers, events, and contact information.

What are you looking for?

MXG Signal Generator UXA Signal Analyzer UXM for Wi-Fi 7 PXA Signal Analyzer Find a solution Get technical support Take a class Find us at events Premium used equipment KeysightCare Buy online

No product matches found - System Exception

WordPress Core Authenticated Directory Traversal

Strike ID:

E18-5jtr1

CVSS:

7.2 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

False Positive:

Variants:

Year:

2018

Description

The strike exploits an authenticated directory traversal vulnerability in WordPress platform. The vulnerability is due to the lack of sanitization of the 'thumb' POST parameter while handling media files metadata within 'post.php', and can be exploited by any account with edit rights. As a consequence, an attacker may delete arbitrary files within the file system which can be leveraged to code execution by changing the platform's configuration.

CVE

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12895

References

http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/

Welcome

What are you looking for?

WordPress Core Authenticated Directory Traversal

Description

CVE

References

Bid