3 matches found
CVE-2018-19370
A race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO wordpress-seo plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the Operating System via a ZIP import...
CVE-2018-19370
The CVE-2018-19370 entry concerns the Yoast SEO (wordpress-seo) plugin for WordPress, specifically versions before 9.2.0. A race condition in unzip_file (admin/import/class-import-settings.php) allows an SEO Manager to execute OS commands via a ZIP import. Public sources in the connected documents co...
WordPress: Wordpress unzip_file path traversal
Summary: The WordPress unzip_file function https://codex.wordpress.org/Function_Reference/unzip_file is vulnerable to path traversal when extracting zip files. Extracting untrusted zip files using this function could lead to code execution through placing arbitrary PHP files in the DocumentRoot ...