SonicALERT

Sonicwall Signatures

 



WordPress _wp_attached_file Arbitrary File Overwrite

Category: WEB-ATTACKS

WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because a _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.
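For sites that ran an affected version, the check below audits rows exported from the `wp_postmeta` table for `_wp_attached_file` values that are not plain upload paths. It is an added example, not SonicWall's signature logic or WordPress code; the function names are hypothetical, the sample rows are constructed, and the `..` segment check is a general path-hygiene test added here rather than something this page describes.

```python
import re

# A server-side script extension anywhere in the value, e.g. ".jpg?file.php".
# The extension list is an assumption; extend it to match the web server's handlers.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(?![A-Za-z0-9])", re.IGNORECASE)


def audit_attached_file(value):
    """Return the reasons a _wp_attached_file value does not look like a plain upload path."""
    reasons = []
    # A legitimate value is a file path, so URL delimiters have no place in it.
    if "?" in value or "#" in value:
        reasons.append("url-delimiter")
    if SCRIPT_EXT.search(value):
        reasons.append("script-extension")
    # Generic path-hygiene check (added here, see lead-in).
    if ".." in value.split("/"):
        reasons.append("dot-dot-segment")
    return reasons


def audit_rows(rows):
    """rows: (post_id, meta_key, meta_value) tuples exported from wp_postmeta."""
    findings = {}
    for post_id, key, value in rows:
        if key != "_wp_attached_file":
            continue
        reasons = audit_attached_file(value)
        if reasons:
            findings[post_id] = reasons
    return findings


# Constructed sample rows, not taken from a real site.
SAMPLE_ROWS = [
    (101, "_wp_attached_file", "2019/02/holiday.jpg"),
    (102, "_wp_attached_file", "2019/02/holiday.jpg?file.php"),
    (103, "_wp_attachment_metadata", "a:0:{}"),
    (104, "_wp_attached_file", "2019/02/report.pdf"),
]

if __name__ == "__main__":
    for post_id, reasons in audit_rows(SAMPLE_ROWS).items():
        print(post_id, ", ".join(reasons))
```

A flagged row is a reason to review the attachment and the account that last edited it, not proof of compromise on its own.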

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942

