Unrated severityOSV Advisory· Published Feb 20, 2019· Updated Aug 4, 2024
CVE-2019-8943
CVE-2019-8943
Description
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
24.9.8, 5.0.3+ 1 more
- (no CPE)range: 4.9.8, 5.0.3
- (no CPE)range: <=5.0.3
Patches
Vulnerability mechanics
References
7- www.exploit-db.com/exploits/46511/mitreexploitx_refsource_EXPLOIT-DB
- www.exploit-db.com/exploits/46662/mitreexploitx_refsource_EXPLOIT-DB
- packetstormsecurity.com/files/152396/WordPress-5.0.0-crop-image-Shell-Upload.htmlmitrex_refsource_MISC
- packetstormsecurity.com/files/161213/WordPress-5.0.0-Remote-Code-Execution.htmlmitrex_refsource_MISC
- www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rcemitrex_refsource_MISC
- www.securityfocus.com/bid/107089mitrevdb-entryx_refsource_BID
- blog.ripstech.com/2019/wordpress-image-remote-code-execution/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.