{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-02-19T00:00:00", "descriptions": [{"lang": "en", "value": "WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-05T16:06:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpvulndb.com/vulnerabilities/9222"}, {"name": "46511", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/46511/"}, {"name": "107088", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/107088"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/"}, {"name": "DSA-4401", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4401"}, {"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1742-1] wordpress security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/152396/WordPress-5.0.0-crop-image-Shell-Upload.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce"}, {"name": "46662", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/46662/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-8942", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://wpvulndb.com/vulnerabilities/9222", "refsource": "MISC", "url": "https://wpvulndb.com/vulnerabilities/9222"}, {"name": "46511", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/46511/"}, {"name": "107088", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107088"}, {"name": "https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/", "refsource": "MISC", "url": "https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/"}, {"name": "DSA-4401", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4401"}, {"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1742-1] wordpress security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html"}, {"name": "http://packetstormsecurity.com/files/152396/WordPress-5.0.0-crop-image-Shell-Upload.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/152396/WordPress-5.0.0-crop-image-Shell-Upload.html"}, {"name": "http://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce", "refsource": "MISC", "url": "http://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce"}, {"name": "46662", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/46662/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T21:31:37.541Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpvulndb.com/vulnerabilities/9222"}, {"name": "46511", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/46511/"}, {"name": "107088", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/107088"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/"}, {"name": "DSA-4401", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4401"}, {"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1742-1] wordpress security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/152396/WordPress-5.0.0-crop-image-Shell-Upload.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce"}, {"name": "46662", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/46662/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-8942", "datePublished": "2019-02-20T03:00:00", "dateReserved": "2019-02-19T00:00:00", "dateUpdated": "2024-08-04T21:31:37.541Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEEA870E-2BB4-4720-A3D9-1FFBA5596D94", "versionEndExcluding": "4.9.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:5.0:-:*:*:*:*:*:*", "matchCriteriaId": "6388DAB8-F3FA-4200-9F3B-95C313A60D6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:5.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "94A6DBFD-C0C6-4DE4-87C2-172B775D2D79", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:5.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "28795DB4-793A-45FE-9AC3-8DA0744EC49A", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:5.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "31C648F2-8168-499C-ABEA-80257CA6602F", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:5.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "8491A84A-412E-48EA-BB3E-6B8DE391C0B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:5.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "226A4045-672A-4D89-9A81-695EA1AD2567", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "2D05F1BB-F066-4D9D-A270-106DABE83E58", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "ACDBA025-8E1C-4712-AA3A-9061F59517CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "AFFF7BFC-9D10-4569-965A-9640C722EEBC", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943."}, {"lang": "es", "value": "WordPress, en versiones anteriores a la 4.99 y en las 5.x anteriores a la 5.0.1, permite la ejecuci\u00f3n remota de c\u00f3digo debido a que una entrada \"Post Meta\" _wp_attached_file puede modificarse a una cadena arbitraria, como uno que termina en una subcadena \".jpg?file.php\". Un atacante con privilegios de autor puede ejecutar c\u00f3digo arbitrario subiendo una imagen manipulada que contiene c\u00f3digo PHP en los metadatos Exif. Su explotaci\u00f3n exitosa puede aprovechar el CVE-2019-8943."}], "id": "CVE-2019-8942", "lastModified": "2024-11-21T04:50:42.360", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-02-20T03:29:00.250", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/152396/WordPress-5.0.0-crop-image-Shell-Upload.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107088"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://wpvulndb.com/vulnerabilities/9222"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4401"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46511/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46662/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/152396/WordPress-5.0.0-crop-image-Shell-Upload.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "http://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107088"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://wpvulndb.com/vulnerabilities/9222"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4401"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46511/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46662/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}