Vulnerabilities

CVE-2019-8943

by Fred · 19/02/2019

WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.

Date published : 2019-02-19

http://www.securityfocus.com/bid/107089

https://www.exploit-db.com/exploits/46511/

Similar

Tags: Cybersecurity Alert