CVE-2019-8943
Published: 2019-02-20
Priority: P2 (69) · medium · 6.5 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploit: public exploit available
EPSS: 91.98% (99.8th percentile)
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.
Affected (11 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| baserproject | basercms | >= 0 < 5.2.3 | 5.2.3 |
| debian | debian_linux | — | — |
| debian | wordpress | < wordpress 5.0.1+dfsg1-1 (bookworm) | wordpress 5.0.1+dfsg1-1 (bookworm) |
| debian | wordpress | — | — |
| wordpress | wordpress | < 4.9.9 | 4.9.9 |
| wordpress | wordpress | <= 5.0.3 | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | >= 0 < 5.0.1+dfsg1-1 | 5.0.1+dfsg1-1 |
Detection & IOCs (extracted from sources)
Detections:
- Detect directory traversal sequences (e.g., ../) appearing in URI query strings targeting WordPress wp-content/uploads paths, as used in the CVE-2019-8943 path traversal exploit.
- Monitor POST requests to WordPress media/post edit endpoints for the presence of a 'file' parameter in the request body, which is anomalous and indicative of CVE-2019-8942 exploitation (chained with CVE-2019-8943).
- Alert on image filenames containing two image extensions combined with ../ path traversal sequences (e.g., matching pattern *.jpg?../../*.jpg) in WordPress crop-image requests.
- Monitor for changes to the _wp_attached_file meta_key in the WordPress postmeta database table to values containing path traversal sequences, which indicates active exploitation.
- The Metasploit module wp_crop_rce targets WordPress versions 5.0.0 and <= 4.9.8 on Unix-based systems; detect exploit attempts by monitoring for crop-image requests that modify _wp_page_template to include an uploaded image path.
Caveats:
- The URL-based file access fallback in wp_crop_image (used in the exploit) requires file replication plugins to be installed on the WordPress site; without such plugins the URL-based attack path may not be available.
- The Metasploit exploit module for this vulnerability only works on Unix-based systems.
- Exploitation requires the attacker to have at least author-level privileges on the WordPress site.
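To make the detection notes above concrete, here is an added example (written for this page, not taken from any of the listed sources) that applies those heuristics to constructed web-server log lines, crop-image target filenames and _wp_attached_file postmeta changes. It goes slightly beyond the notes by percent-decoding URIs twice, so encoded traversal such as %2e%2e%2f is caught as well; the log lines and hostnames are constructed sample data.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not from the page or any real site).
SAMPLE_LOG = """\
10.0.0.5 - - [20/Feb/2019:10:00:01 +0000] "GET /wp-content/uploads/2019/02/photo.jpg HTTP/1.1" 200 5123
10.0.0.9 - - [20/Feb/2019:10:00:02 +0000] "GET /wp-content/uploads/2019/02/../../file.jpg HTTP/1.1" 404 0
10.0.0.9 - - [20/Feb/2019:10:00:03 +0000] "GET /wp-content/uploads/2019/02/shell.jpg?%2e%2e%2f%2e%2e%2fevil.jpg HTTP/1.1" 200 210
10.0.0.7 - - [20/Feb/2019:10:00:04 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 44
"""

# "../" or "..\" after decoding.
TRAVERSAL = re.compile(r"\.\.[/\\]")
# Two image extensions with a traversal between them, the shape the advisory
# quotes (".jpg?/../../file.jpg"); the "?" separator is optional.
DOUBLE_EXT = re.compile(
    r"\.(?:jpe?g|png|gif)\??[/\\]*\.\.[/\\].*\.(?:jpe?g|png|gif)$", re.I)
# Request line inside a common/combined log format entry.
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')


def normalise(value):
    """Percent-decode twice (catches %252e double encoding) and lowercase."""
    return unquote(unquote(value)).lower()


def check_uri(uri):
    """Return the names of the detections that fire for one request URI."""
    findings = []
    decoded = normalise(uri)
    if "wp-content/uploads" in decoded and TRAVERSAL.search(decoded):
        findings.append("uploads-path-traversal")
    if DOUBLE_EXT.search(decoded):
        findings.append("double-image-extension-traversal")
    return findings


def check_filename(filename):
    """True when a crop-image target filename has the double-extension traversal shape."""
    return bool(DOUBLE_EXT.search(normalise(filename)))


def check_attached_file_meta(old_value, new_value):
    """True when _wp_attached_file changes to a value containing a traversal sequence."""
    return old_value != new_value and bool(TRAVERSAL.search(normalise(new_value)))


def scan_log(text):
    """Return (uri, findings) for every log line that triggers at least one detection."""
    hits = []
    for line in text.splitlines():
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        findings = check_uri(match.group("uri"))
        if findings:
            hits.append((match.group("uri"), findings))
    return hits


if __name__ == "__main__":
    for uri, findings in scan_log(SAMPLE_LOG):
        print(uri, "->", ", ".join(findings))
```

The postmeta check is meant to be driven from a database audit trail or a diff of periodic dumps, since the web log alone does not show the stored value.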
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| nvd | 2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
| osv | — | 8.8 | HIGH | — |
| vulncheck | — | 8.8 | HIGH | — |
| vendor_debian | — | 8.8 | HIGH | — |
GHSA · 2026-03-31
CVE-2026-30940 [HIGH] CWE-22: baserCMS Path Traversal Leads to Arbitrary File Write and RCE via Theme File API
## Summary
A path traversal vulnerability exists in the baserCMS 5.x theme file management API (`/baser/api/admin/bc-theme-file/theme_files/add.json`) that allows arbitrary file write.
An authenticated administrator can include `../` sequences in the `path` parameter to create a PHP file in an arbitrary directory outside the theme directory, which may result in remote code execution (RCE).
## Affected Code
**File**: `plugins/bc-theme-file/src/Service/BcThemeFileService.php`
```php
public function getFullpath(string $theme, string $plugin, string $type, string $path)
{
    // ...
    return $viewPath . $type . DS . $path; // $path is not sanitized
}
```
## Attack Scenario
1. The attacker compromises an administ
GHSA (unreviewed) · 2022-05-13 · CVSS 6.5
CVE-2019-8942 [MEDIUM] CWE-434 GHSA-rwhm-6hw4-9fgg: WordPress before 4
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.
GHSA (unreviewed) · 2022-05-13
CVE-2019-8943 [MEDIUM] CWE-22 GHSA-558v-vpgj-m324: WordPress through 5
OSV · 2019-02-20 · CVSS 8.8
CVE-2019-8942 [HIGH] CVE-2019-8942: WordPress before 4
OSV · 2019-02-20 · CVSS 6.5
CVE-2019-8943 [MEDIUM] CVE-2019-8943: WordPress through 5
VulnCheck · 2019 · CVSS 8.8
CVE-2019-8942 [HIGH] WordPress wordpress Unrestricted Upload of File with Dangerous Type
Affected: WordPress wordpress
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://unit42.paloaltonetworks.com/network-attack-trends-winter-2020/
Exploit PoC: https://vulncheck.com/xdb/8bf043a44c24; https://vu
Debian · 2019 · CVSS 8.8
CVE-2019-8942 [HIGH] wordpress: WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because...
Scope: local
bookworm: resolved (fixed in 5.0.1+dfsg1-1)
bullseye: resolved (fixed in 5.0.1+dfsg1-1)
forky: resolved (fixed in 5.0.1+dfsg1-1)
sid: resolved (fixed in 5.0.1+dfsg1-1)
trixie: resolved (fixed in 5.0.1+dfsg1-1)
Debian · 2019 · CVSS 6.5
CVE-2019-8943 [MEDIUM] wordpress: WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (w...
Scope: local
bookworm: undetermined
bullseye: undetermined
forky: undetermined
sid: undetermined
trixie: undetermined
No detection rules found.
Exploit-DB · 2019-04-05
CVE-2019-8943: WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)
---
```ruby
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'WordPress Crop-image Shell Upload',
      'Description'    => %q{
        This module exploits a path traversal and a local file inclusion
        vulnerability on WordPress versions 5.0.0 and <= 4.9.8.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
          'RIPSTECH Technology', # Discovery
          'Wilfried Becard '     # Metasploit module
        ],
      'References'     =>
        [
          [ 'CVE', '2019-8942' ],
          [ 'CVE', '2019-8943' ],
          [ 'URL', 'https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/']
        ],
      'DisclosureDate' => 'Feb 19 2019',
      'Platform'       => 'php',
      'Arch'           => ARCH_PHP,
      'Targets'        => [['WordPress', {}]],
      'DefaultTarget'  => 0
    ))

    register_opti
```
Exploit-DB · 2019-03-01
CVE-2019-8943: WordPress Core 5.0 - Remote Code Execution
---
```javascript
var wpnonce = '';
var ajaxnonce = '';
var wp_attached_file = '';
var imgurl = '';
var postajaxdata = '';
var post_id = 0;
var cmd = '<?php phpinfo();/*';
var cmdlen = cmd.length;
```
Metasploit · WordPress Crop-image Shell Upload (module wp_crop_rce)
This module exploits a path traversal and a local file inclusion vulnerability on WordPress versions 5.0.0 and <= 4.9.8. The crop-image function allows a user, with at least author privileges, to resize an image and perform a path traversal by changing the _wp_attached_file reference during the upload. The second part of the exploit will include this image in the current theme by changing the _wp_page_template attribute when creating a post. This exploit module only works for Unix-based systems currently.
Nuclei · CVSS 6.5
CVE-2019-8943 [MEDIUM] WordPress Core 5.0.0 - Crop-image Shell Upload
Template:
```yaml
id: CVE-2019-8943

info:
  name: WordPress Core 5.0.0 - Crop-image Shell Upload
  author: sttlr
  severity: medium
  description: |
    WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.
  impact: |
    Au
```
Trendmicro · 2019-03-01 · CVSS 8.8
[HIGH] Remote Code Execution Vulnerabilities in WordPress
Exploits & Vulnerabilities
## Remote Code Execution Vulnerabilities in WordPress
Thanks to its rich functionality and high ease of use, WordPress powers nearly 33 percent of today's websites. That also makes the CMS an obvious target for cybercriminals.
By: Suraj Sahu, Jayesh Patel, Mar 01, 2019
Original post by Suraj Sahu and Jayesh Patel, Vulnerability Researchers
Thanks to its rich functionality and high ease of use, the open-source content management system WordPress powers nearly 33 percent of today's websites. That also makes the CMS an obvious target for cybercriminals, and a single vulnerability is all it takes for the criminal operators
Trendmicro · 2019-02-26 · CVSS 8.8
CVE-2019-8942 [HIGH] Wordpress: Analyzing CVE-2019-8942 and CVE-2019-8943
Exploits & Vulnerabilities
## Wordpress: Analyzing CVE-2019-8942 and CVE-2019-8943
This blog post expounds the technical details of the vulnerabilities CVE-2019-8942 and CVE-2019-8943, specifically, how a potential attack could look like and the parameters that are added to take advantage of a vulnerable WordPress site.
By: Suraj Sahu, Jayesh Patel, Feb 26, 2019
With its open-source, feature-rich, and user-friendly content management system (CMS), WordPress powers nearly 33 percent of today’s websites. This popularity is also what makes them an obvious cybercriminal target. All it could take is a vulnerability to gain a foothold on a website’s sensitive data. This could be compounded by security issues that can be brought by outdated websites or use o
Bugzilla · 2019-02-20 · CVSS 6.5
CVE-2019-8943 [MEDIUM] wordpress: path traversal in wp_crop_image()
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.
Reference:
https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
Discussion:
Created wordpress tracking bugs for this issue:
Affects: fedora-all [bug 1679154]
---
Created wordpress tracking bugs for this issue:
Affects: epel-all [bug 1679155]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the
Bugzilla · 2019-02-20 · CVSS 8.8
CVE-2019-8942 [HIGH] wordpress: Author users can execute arbitrary code by leveraging path traversal
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.
Reference:
https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
Discussion:
Created wordpress tracking bugs for this issue:
Affects: fedora-all [bug 1679154]
---
Created wordpress tracking bugs for this issue:
Affects: epel-all [bug 1679155]
---
This CVE Bugzilla entry is for community support in
Bugzilla · 2019-02-20 · CVSS 8.8
CVE-2019-8942 [HIGH] CVE-2019-8942 CVE-2019-8943 wordpress: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora.
Bugzilla · 2019-02-20 · CVSS 8.8
CVE-2019-8942 [HIGH] CVE-2019-8942 CVE-2019-8943 wordpress: various flaws [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora EPEL.
References:
- http://packetstormsecurity.com/files/152396/WordPress-5.0.0-crop-image-Shell-Upload.html
- http://packetstormsecurity.com/files/161213/WordPress-5.0.0-Remote-Code-Execution.html
- http://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce
- http://www.securityfocus.com/bid/107089
- https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
- https://www.exploit-db.com/exploits/46511/
- https://www.exploit-db.com/exploits/46662/