15 matches found
SUSE CVE-2019-8942
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an wpattachedfile Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image...
Exploit for Unrestricted Upload of File with Dangerous Type in Wordpress
PoC exploit for CVE-2019-8942 and CVE-2019-8943, a pair of vulne...
WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Crop-image Shell Upload', 'Description' = %q This module exploits a path traversal and a local file inclusion vulnerability on WordPres...
WordPress 5.0.0 crop-image Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Crop-image Shell Upload', 'Description' = %q This module exploits a path traversal and a local file inclusion vulnerability on WordPres...
Debian: Security Advisory (DLA-1742-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-8942
creationtimestamp| type| source ---|---|--- 2019-03-01 08:59:30+00:00| published-proof-of-concept| https://t.me/antichat/3785 2019-03-01 09:58:50+00:00| seen| https://t.me/thebugbountyhunter/2368 2019-04-04 20:32:00+00:00| seen|...
[SECURITY] [DSA 4401-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4401-1 [email protected] https://www.debian.org/security/ Sebastien Delafond March 01, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4401-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4401-1 [email protected] https://www.debian.org/security/ Sebastien Delafond March 01, 2019 https://www.debian.org/security/faq -...
WordPress RCE Vulnerability (CVE-2019-8942) - Linux
WordPress allows remote code execution RCE because an wpattachedfile Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif...
WordPress RCE Vulnerability (CVE-2019-8942) - Windows
WordPress allows remote code execution RCE because an wpattachedfile Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif...
CVE-2019-8942
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an wpattachedfile Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image...
CVE-2019-8942
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an wpattachedfile Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image...
CVE-2019-8942
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an wpattachedfile Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image...
CVE-2019-8942
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an wpattachedfile Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image...
CVE-2019-8942
CVE-2019-8942 affects WordPress core prior to 4.9.9 and 5.x prior to 5.0.1. Affected component is the _wp_attached_file Post Meta; an attacker with author privileges can replace the Post Meta with an arbitrary string (e.g., ending with .jpg?file.php) and, via a crafted image containing PHP in Exi...