CVE-2018-12895
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-12895
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-12895.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-12895
- Related
- Published
- 2018-06-26T20:29:00Z
- Modified
- 2024-09-18T01:00:21Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the wp-includes/post.php wpdeleteattachment function. The attacker must have capabilities for files and posts that are normally available only to the Author, Editor, and Administrator roles. The attack methodology is to delete wp-config.php and then launch a new installation process to increase the attacker's privileges.
- References
-
- http://packetstormsecurity.com/files/164633/WordPress-4.9.6-Arbitrary-File-Deletion.html
- http://www.securityfocus.com/bid/104569
- https://www.debian.org/security/2018/dsa-4250
- https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
- https://lists.debian.org/debian-lts-announce/2018/07/msg00046.html
- https://wpvulndb.com/vulnerabilities/9100
- https://security-tracker.debian.org/tracker/CVE-2018-12895
Affected packages
Debian:11 / wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/debian/wordpress?arch=source
Debian:12 / wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/debian/wordpress?arch=source
Debian:13 / wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/debian/wordpress?arch=source
Git / github.com/wordpress/wordpress
Affected ranges
- Type
- GIT
- Repo
- https://github.com/wordpress/wordpress
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/wordpress/wordpress-develop
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed