E19-0zvz1
CVSS:
6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
False Positive:
f
Variants:
8
Year:
2019
Description
The strikes emulates a path traversal attack on WordPress CMS platform. The attack can be carried by a low privileged user by providing a '_wp_attached_file' parameter when editing media files, thus modifying post metadata. By leveraging this vulnerability with a local file inclusion exploit, an attacker may gain code execution on the host system.