CVE-2017-1000600Improper Input Validation in Wordpress

CWE-20Improper Input Validation7 documents4 sources
Severity
8.8HIGHNVD
EPSS
19.8%
top 4.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
WordpressDebian Wordpress
Timeline
PublishedSep 6
Latest updateMay 14

Description

WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. This issue appears to have been partially, but not completely fixed in WordPress 4.9

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

debiandebian/wordpress< wordpress 4.9.1+dfsg-1 (bookworm)
NVDwordpress/wordpress< 4.9+1
Debianwordpress/wordpress< 4.9.1+dfsg-1+3

🔴Vulnerability Details

4
GHSA
GHSA-38pv-q5j7-w3w9: WordPress version <42022-05-14
GHSA
GHSA-25jw-j5g7-jrcc: WordPress version 42022-05-14
OSV
CVE-2018-1000773: WordPress version 42018-09-06
OSV
CVE-2017-1000600: WordPress version <42018-09-06

📋Vendor Advisories

1
Debian
CVE-2017-1000600: wordpress - WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumb...2017
CVE-2017-1000600 — Improper Input Validation | cvebase