CVE-2016-6896

Published on: 01/18/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:10 PM UTC

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Certain versions of WordPress contain the following vulnerability:

Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool.

  • CVE-2016-6896 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.1 - HIGH

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: NONE
  • Availability Impact: HIGH

CVSS2 Score: 5.5 - MEDIUM

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL

CVE References

  • MISC wpvulndb.com/vulnerabilities/8606
    Description: WordPress 4.5.3 - Authenticated Denial of Service (DoS)
    Link: web.archive.org
  • MLIST [oss-security] 20160820 Path traversal vulnerability in WordPress Core Ajax handlers
    Description: oss-security - Path traversal vulnerability in WordPress Core Ajax handlers
    Tags: Mailing List, Third Party Advisory
    Link: www.openwall.com
  • SECTRACK 1036683
    Description: WordPress Bugs Let Remote Users Conduct Cross-Site Request Forgery Attacks and Remote Authenticated Users Deny Service - SecurityTracker
    Link: www.securitytracker.com
  • EXPLOIT-DB 40288
    Description: WordPress Core 4.5.3 - Directory Traversal / Denial of Service - PHP webapps Exploit
    Tags: Proof of Concept
    Link: www.exploit-db.com
  • MISC sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html
    Description: No Description Provided
    Tags: Exploit, Technical Description, Third Party Advisory
    Link: sumofpwn.nl

Known Affected Configurations (CPE V2.3)

  • Type: Application; Vendor: Wordpress; Product: Wordpress; Version: 4.5.3; Update: All; Edition: All; Language: All
  • cpe:2.3:a:wordpress:wordpress:4.5.3:*:*:*:*:*:*:*