CVE-2018-1000773

Sažetak

WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time.

Reference

http://www.securityfocus.com/bid/105306
https://www.theregister.co.uk/2018/08/20/php_unserialisation_wordpress_vuln/
https://youtu.be/GePBmsNJw6Y?t=1763

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

14-11-2018 - 14:10

Objavljeno

06-09-2018 - 16:29