Lucene search

[email protected]CVE-2018-20463

HistoryDec 25, 2018 - 9:29 p.m.

CVE-2018-20463

2018-12-2521:29:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2018-20463

jsmol2wp plugin

wordpress

arbitrary file read vulnerability

directory traversal

ssrf

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.031 Low

EPSS

Percentile

90.9%

JSON

An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. There is an arbitrary file read vulnerability via …/ directory traversal in query=php://filter/resource= in the jsmol.php query string. This can also be used for SSRF.

CPENameOperatorVersion
jsmol2wp_project:jsmol2wpjsmol2wp project jsmol2wpeq1.07

CPE	Name	Operator	Version
jsmol2wp_project:jsmol2wp	jsmol2wp project jsmol2wp	eq	1.07

References

wpvulndb.com/vulnerabilities/9197

www.cbiu.cc/2018/12/WordPress%E6%8F%92%E4%BB%B6jsmol2wp%E6%BC%8F%E6%B4%9E/#%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96-amp-SSRF

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.031 Low

EPSS

Percentile

90.9%

JSON

Related for CVE-2018-20463

wpvulndb1 prion1 patchstack1 wpexploit1 nuclei2