CVE-2017-1000600

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-1000600
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000600.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-1000600
Downstream
Published
2018-09-06T12:29:00.233Z
Modified
2026-04-10T03:56:07.680742Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. This issue appears to have been partially, but not completely fixed in WordPress 4.9

References

Affected packages

Git / github.com/wordpress/wordpress

Affected ranges

Type
GIT
Repo
https://github.com/wordpress/wordpress
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
29ffbff370968ae48a1b7a34e35c8b8e75cf0f91
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.9"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000600.json"