WordPress CVE-2019-8943 Directory Traversal Vulnerability
BID:107089
CVE-2019-8943 |Info
WordPress CVE-2019-8943 Directory Traversal Vulnerability
| Bugtraq ID: | 107089 |
| Class: | Input Validation Error |
| CVE: |
CVE-2019-8943 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 19 2019 12:00AM |
| Updated: | Feb 19 2019 12:00AM |
| Credit: | Simon Scannell |
| Vulnerable: |
WordPress WordPress 5.0.3 WordPress WordPress 5.0.2 WordPress WordPress 4.9.9 WordPress WordPress 4.9.8 WordPress WordPress 4.9.7 WordPress WordPress 4.9.6 WordPress WordPress 4.9.5 WordPress WordPress 4.9.2 WordPress WordPress 4.9.1 WordPress WordPress 4.8.3 WordPress WordPress 4.8.2 WordPress WordPress 4.8.1 WordPress WordPress 4.7.4 WordPress WordPress 4.7.2 WordPress WordPress 4.7.1 WordPress WordPress 4.6.1 WordPress WordPress 4.5.2 WordPress WordPress 4.5.1 WordPress WordPress 4.5 WordPress WordPress 4.4.1 WordPress WordPress 4.4 WordPress WordPress 4.2.4 WordPress WordPress 4.2.3 WordPress WordPress 4.2.2 WordPress WordPress 4.2.1 WordPress WordPress 4.1.2 WordPress WordPress 4.1.1 WordPress WordPress 4.1 WordPress WordPress 3.9.2 WordPress WordPress 3.9.1 WordPress WordPress 3.9 WordPress WordPress 3.8.2 WordPress WordPress 3.8.1 WordPress WordPress 3.7.4 WordPress WordPress 3.7.1 WordPress WordPress 3.6.1 WordPress WordPress 3.6 WordPress WordPress 3.5.2 WordPress WordPress 3.5.1 WordPress WordPress 3.3.2 WordPress WordPress 3.2.2 WordPress WordPress 3.1.4 WordPress WordPress 3.1.3 WordPress WordPress 3.1.2 WordPress WordPress 3.1.1 WordPress WordPress 3.0.5 WordPress WordPress 3.0.4 WordPress WordPress 3.0.3 WordPress WordPress 3.0.2 WordPress WordPress 2.9.2 WordPress WordPress 2.9.1 WordPress WordPress 2.8.6 WordPress WordPress 2.8.5 WordPress WordPress 2.8.4 WordPress WordPress 2.8.3 WordPress WordPress 2.8.2 WordPress WordPress 2.8.1 WordPress WordPress 2.6.5 WordPress WordPress 2.6.2 WordPress WordPress 2.6.1 WordPress WordPress 2.5.1 WordPress WordPress 2.3.3 WordPress WordPress 2.3.2 WordPress WordPress 2.3.1 WordPress WordPress 2.2.3 WordPress WordPress 2.2.2 WordPress WordPress 2.2.1 WordPress WordPress 2.1.3 WordPress WordPress 2.1.2 WordPress WordPress 2.1.1 WordPress WordPress 2.0.11 WordPress WordPress 2.0.10 WordPress WordPress 2.0.7 WordPress WordPress 2.0.6 WordPress WordPress 2.0.5 WordPress WordPress 2.0.4 WordPress WordPress 2.0.3 WordPress WordPress 2.0.2 WordPress WordPress 2.0.1 WordPress WordPress 2.0 WordPress WordPress 1.5.2 WordPress WordPress 1.5.1 .3 WordPress WordPress 1.5.1 .2 WordPress WordPress 1.5.1 WordPress WordPress 1.5 WordPress WordPress 1.3.1 WordPress WordPress 1.2.2 WordPress WordPress 1.2.1 WordPress WordPress 1.2 WordPress WordPress 0.71 WordPress WordPress 0.7 WordPress WordPress 0.6.2 WordPress WordPress 5.0.1 WordPress WordPress 5.0 WordPress WordPress 4.9 WordPress WordPress 4.7.5 WordPress WordPress 4.7.3 WordPress WordPress 4.7 WordPress WordPress 4.6 WordPress WordPress 4.5.3 WordPress WordPress 4.4.2 WordPress WordPress 4.3.1 WordPress WordPress 4.3 WordPress WordPress 4.2 WordPress WordPress 4.0.1 WordPress WordPress 4.0 WordPress WordPress 3.9.3 WordPress WordPress 3.9 WordPress WordPress 3.8.5 WordPress WordPress 3.8.4 WordPress WordPress 3.8.3 WordPress WordPress 3.8 WordPress WordPress 3.7.5 WordPress WordPress 3.7 WordPress WordPress 3.6 WordPress WordPress 3.5.0 WordPress WordPress 3.5 WordPress WordPress 3.4.2 WordPress WordPress 3.4.1 WordPress WordPress 3.4.0 WordPress WordPress 3.4 WordPress WordPress 3.3.3 WordPress WordPress 3.3.1 WordPress WordPress 3.3 WordPress WordPress 3.2.1 WordPress WordPress 3.2 WordPress WordPress 3.1 WordPress WordPress 3.0.6 WordPress WordPress 3.0.1 WordPress WordPress 2.9.1.1 WordPress WordPress 2.9 WordPress WordPress 2.8.5.2 WordPress WordPress 2.8.5.1 WordPress WordPress 2.8 WordPress WordPress 2.7.1 WordPress WordPress 2.7 WordPress WordPress 2.6.3 WordPress WordPress 2.6 WordPress WordPress 2.5 WordPress WordPress 2.3 WordPress WordPress 2.2.0 WordPress WordPress 2.2 WordPress WordPress 2.1 WordPress WordPress 2.0.9 WordPress WordPress 2.0.8 WordPress WordPress 1.6.2 WordPress WordPress 1.6 WordPress WordPress 1.5.1.1 WordPress WordPress 1.5 WordPress WordPress 1.4 WordPress WordPress 1.3.3 WordPress WordPress 1.3.2 WordPress WordPress 1.3 WordPress WordPress 1.2.5 WordPress WordPress 1.2.4 WordPress WordPress 1.2.3 WordPress WordPress 1.1.1 WordPress WordPress 1.0.2 WordPress WordPress 1.0.1 WordPress WordPress 0.72 WordPress WordPress 0.711 WordPress WordPress 0.71 WordPress WordPress 0.7 WordPress WordPress 0.6.2.1 |
| Not Vulnerable: | |
Discussion
WordPress CVE-2019-8943 Directory Traversal Vulnerability
WordPress is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.
Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve sensitive information or execute arbitrary code. This may aid in further attacks.
WordPress 5.0.3 and prior versions are vulnerable.
WordPress is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.
Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve sensitive information or execute arbitrary code. This may aid in further attacks.
WordPress 5.0.3 and prior versions are vulnerable.
Exploit / POC
WordPress CVE-2019-8943 Directory Traversal Vulnerability
The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.
The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.
Solution / Fix
WordPress CVE-2019-8943 Directory Traversal Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
WordPress CVE-2019-8943 Directory Traversal Vulnerability
References:
References:
- WordPress 5.0.0 Remote Code Execution (WordPress)
- WordPress Homepage (WordPress)