Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2017-1001000
HistoryApr 03, 2017 - 1:59 a.m.

CVE-2017-1001000

2017-04-0301:59:00
NVD-CWE-noinfo
[email protected]
web.nvd.nist.gov
118
4
cve
security
wordpress
rest api
vulnerability
remote attack
nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.607 Medium

EPSS

Percentile

97.7%

JSON

The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-json/wp/v2/posts/123?id=123helloworld URI.

Social References

More

Related

ubuntucve 1
prion 1
nessus 13
debiancve 1
wpvulndb 1
osv 1
wallarmlab 1
nmap 1
openvas 2
sonarsource 1
ubuntucve
ubuntucve
CVE-2017-1001000
2017-04-03 00:00:00
prion
prion
Integer overflow
2017-04-03 01:59:00
nessus
nessus
WordPress 4.7.x < 4.7.2 REST API 'id' Parameter Privilege Escalation
2017-02-16 00:00:00
WordPress 4.2.x < 4.2.12 Multiple Vulnerabilities
2018-11-05 00:00:00
WordPress 4.4.x < 4.4.7 Multiple Vulnerabilities
2018-11-05 00:00:00
debiancve
debiancve
CVE-2017-1001000
2017-04-03 01:59:00
wpvulndb
wpvulndb
WordPress 4.7.0-4.7.1 - Unauthenticated Page/Post Content Modification via REST API
2017-02-01 00:00:00
osv
osv
CVE-2017-1001000
2017-04-03 01:59:00
wallarmlab
wallarmlab
FAST or Burp or both?
2018-11-28 18:27:09
nmap
nmap
http-vuln-cve2017-1001000 NSE Script
2017-06-01 19:08:23
openvas
openvas
WordPress < 4.7.2 Multiple Security Vulnerabilities - Linux
2017-02-02 00:00:00
WordPress < 4.7.2 Multiple Security Vulnerabilities - Windows
2017-02-02 00:00:00
sonarsource
sonarsource
Cachet 2.4: Code Execution via Laravel Configuration Injection
2021-09-21 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.607 Medium

EPSS

Percentile

97.7%

JSON
Related for CVE-2017-1001000
ubuntucve1prion1nessus13debiancve1wpvulndb1osv1wallarmlab1nmap1openvas2sonarsource1