CVE-2013-1916 - Vulnerability Details - OpenCVE

In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
User Photo Project	User Photo

Configuration 1 [-]

cpe:2.3:a:user_photo_project:user_photo:0.9.4:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/changeset/347137
https://wordpress.org/plugins/user-photo/#developers
https://www.exploit-db.com/exploits/16181

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-06-24T15:00:17

Updated: 2024-08-06T15:20:36.928Z

Reserved: 2013-02-19T00:00:00

Link: CVE-2013-1916

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-06-24T15:15:08.957

Modified: 2024-11-21T01:50:40.233

Link: CVE-2013-1916

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "WordPress Plugin User Photo", "vendor": "n/a", "versions": [{"status": "affected", "version": "WordPress Plugin User Photo 0.9.4"}]}], "descriptions": [{"lang": "en", "value": "In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-24T15:00:17", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wordpress.org/plugins/user-photo/#developers"}, {"tags": ["x_refsource_MISC"], "url": "https://plugins.trac.wordpress.org/changeset/347137"}, {"tags": ["x_refsource_MISC"], "url": "https://www.exploit-db.com/exploits/16181"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1916", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WordPress Plugin User Photo", "version": {"version_data": [{"version_value": "WordPress Plugin User Photo 0.9.4"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-434"}]}]}, "references": {"reference_data": [{"name": "https://wordpress.org/plugins/user-photo/#developers", "refsource": "MISC", "url": "https://wordpress.org/plugins/user-photo/#developers"}, {"name": "https://plugins.trac.wordpress.org/changeset/347137", "refsource": "MISC", "url": "https://plugins.trac.wordpress.org/changeset/347137"}, {"name": "https://www.exploit-db.com/exploits/16181", "refsource": "MISC", "url": "https://www.exploit-db.com/exploits/16181"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:20:36.928Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wordpress.org/plugins/user-photo/#developers"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://plugins.trac.wordpress.org/changeset/347137"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.exploit-db.com/exploits/16181"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1916", "datePublished": "2022-06-24T15:00:17", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:36.928Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:user_photo_project:user_photo:0.9.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4F67E26C-97D2-4720-B4D7-4ECBB60785B8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved."}, {"lang": "es", "value": "En el plugin User Photo de WordPress 0.9.4, cuando es subida una foto, s\u00f3lo es comprobada parcialmente y es posible cargar una puerta trasera en el servidor que aloja WordPress. Este backdoor puede ser llamado (ejecutado) incluso si la foto a\u00fan no ha sido aprobada"}], "id": "CVE-2013-1916", "lastModified": "2024-11-21T01:50:40.233", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-24T15:15:08.957", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset/347137"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://wordpress.org/plugins/user-photo/#developers"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/16181"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset/347137"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://wordpress.org/plugins/user-photo/#developers"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/16181"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}