Strike ID: E19-0zvz1
CVSS: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)
False Positive: t
Variants: 32
Year: 2019

Description

This strike emulates a path traversal attack on the WordPress CMS platform. The attack can be carried out by a low-privileged user who provides a wp attached file parameter when editing media files, thus modifying post metadata. By combining this vulnerability with a local file inclusion exploit, an attacker may gain code execution on the host system.
