CVE-2016-7169 - OpenCVE

Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wordpress	Wordpress

Configuration 1 [-]

cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.debian.org/security/2016/dsa-3681
http://www.securityfocus.com/bid/92841
https://codex.wordpress.org/Version_4.6.1
https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e
https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
https://wpvulndb.com/vulnerabilities/8616

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-01-05T02:00:00

Updated: 2024-08-06T01:50:47.517Z

Reserved: 2016-09-08T00:00:00

Link: CVE-2016-7169

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-01-05T02:59:03.887

Modified: 2017-11-04T01:29:22.943

Link: CVE-2016-7169

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-09-07T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e"}, {"name": "92841", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92841"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://codex.wordpress.org/Version_4.6.1"}, {"tags": ["x_refsource_MISC"], "url": "https://wpvulndb.com/vulnerabilities/8616"}, {"name": "DSA-3681", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3681"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7169", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e", "refsource": "CONFIRM", "url": "https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e"}, {"name": "92841", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92841"}, {"name": "https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/", "refsource": "CONFIRM", "url": "https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/"}, {"name": "https://codex.wordpress.org/Version_4.6.1", "refsource": "CONFIRM", "url": "https://codex.wordpress.org/Version_4.6.1"}, {"name": "https://wpvulndb.com/vulnerabilities/8616", "refsource": "MISC", "url": "https://wpvulndb.com/vulnerabilities/8616"}, {"name": "DSA-3681", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3681"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:50:47.517Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e"}, {"name": "92841", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/92841"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://codex.wordpress.org/Version_4.6.1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpvulndb.com/vulnerabilities/8616"}, {"name": "DSA-3681", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3681"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7169", "datePublished": "2017-01-05T02:00:00", "dateReserved": "2016-09-08T00:00:00", "dateUpdated": "2024-08-06T01:50:47.517Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F01FC84-BA31-4C2A-AB81-51A9323EC99A", "versionEndIncluding": "4.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en la clase File_Upload_Upgrader en wp-admin/includes/class-file-upload-upgrader.php en el cargador del paquete de actualizaci\u00f3n en WordPress en versiones anteriores a 4.6.1 permite a usuarios remotos autenticados acceder a archivos arbitrarios a trav\u00e9s de un par\u00e1metro urlholder manipulado."}], "id": "CVE-2016-7169", "lastModified": "2017-11-04T01:29:22.943", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-05T02:59:03.887", "references": [{"source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3681"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/92841"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://codex.wordpress.org/Version_4.6.1"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/"}, {"source": "cve@mitre.org", "url": "https://wpvulndb.com/vulnerabilities/8616"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}