CVE-2019-8942
Vulnerability from cvelistv5
Published
2019-02-20 03:00
Modified
2024-08-04 21:31
Severity ?
EPSS score ?
Summary
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/152396/WordPress-5.0.0-crop-image-Shell-Upload.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce | Exploit, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/107088 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://wpvulndb.com/vulnerabilities/9222 | Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2019/dsa-4401 | Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/46511/ | Exploit, VDB Entry, Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/46662/ | Exploit, Third Party Advisory, VDB Entry |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/9222"
},
{
"name": "46511",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46511/"
},
{
"name": "107088",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107088"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/"
},
{
"name": "DSA-4401",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4401"
},
{
"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1742-1] wordpress security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152396/WordPress-5.0.0-crop-image-Shell-Upload.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce"
},
{
"name": "46662",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46662/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-05T16:06:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/9222"
},
{
"name": "46511",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46511/"
},
{
"name": "107088",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107088"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/"
},
{
"name": "DSA-4401",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4401"
},
{
"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1742-1] wordpress security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152396/WordPress-5.0.0-crop-image-Shell-Upload.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce"
},
{
"name": "46662",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46662/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/9222",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9222"
},
{
"name": "46511",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46511/"
},
{
"name": "107088",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107088"
},
{
"name": "https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/",
"refsource": "MISC",
"url": "https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/"
},
{
"name": "DSA-4401",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4401"
},
{
"name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1742-1] wordpress security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html"
},
{
"name": "http://packetstormsecurity.com/files/152396/WordPress-5.0.0-crop-image-Shell-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152396/WordPress-5.0.0-crop-image-Shell-Upload.html"
},
{
"name": "http://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce",
"refsource": "MISC",
"url": "http://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce"
},
{
"name": "46662",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46662/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-8942",
"datePublished": "2019-02-20T03:00:00",
"dateReserved": "2019-02-19T00:00:00",
"dateUpdated": "2024-08-04T21:31:37.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-8942\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-02-20T03:29:00.250\",\"lastModified\":\"2021-07-21T11:39:23.747\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.\"},{\"lang\":\"es\",\"value\":\"WordPress, en versiones anteriores a la 4.99 y en las 5.x anteriores a la 5.0.1, permite la ejecuci\u00f3n remota de c\u00f3digo debido a que una entrada \\\"Post Meta\\\" _wp_attached_file puede modificarse a una cadena arbitraria, como uno que termina en una subcadena \\\".jpg?file.php\\\". Un atacante con privilegios de autor puede ejecutar c\u00f3digo arbitrario subiendo una imagen manipulada que contiene c\u00f3digo PHP en los metadatos Exif. Su explotaci\u00f3n exitosa puede aprovechar el CVE-2019-8943.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.5},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.9.9\",\"matchCriteriaId\":\"CEEA870E-2BB4-4720-A3D9-1FFBA5596D94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:5.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"6388DAB8-F3FA-4200-9F3B-95C313A60D6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:5.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"94A6DBFD-C0C6-4DE4-87C2-172B775D2D79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:5.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"28795DB4-793A-45FE-9AC3-8DA0744EC49A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:5.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"31C648F2-8168-499C-ABEA-80257CA6602F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:5.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"8491A84A-412E-48EA-BB3E-6B8DE391C0B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:5.0:beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"226A4045-672A-4D89-9A81-695EA1AD2567\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:5.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D05F1BB-F066-4D9D-A270-106DABE83E58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:5.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACDBA025-8E1C-4712-AA3A-9061F59517CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:5.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFFF7BFC-9D10-4569-965A-9640C722EEBC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/152396/WordPress-5.0.0-crop-image-Shell-Upload.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/107088\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://wpvulndb.com/vulnerabilities/9222\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4401\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/46511/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"VDB Entry\",\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/46662/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.