WordPress CVE-2019-8943 Directory Traversal Vulnerability



WordPress is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve sensitive information or execute arbitrary code. This may aid in further attacks.

WordPress 5.0.3 and prior versions are vulnerable.

Information

Bugtraq ID: 107089
Class: Input Validation Error
CVE: CVE-2019-8943

Remote: Yes
Local: No
Published: Feb 19 2019 12:00AM
Updated: Feb 19 2019 12:00AM
Credit: Simon Scannell
Vulnerable: WordPress WordPress 5.0.3
WordPress WordPress 5.0.2
WordPress WordPress 4.9.9
WordPress WordPress 4.9.8
WordPress WordPress 4.9.7
WordPress WordPress 4.9.6
WordPress WordPress 4.9.5
WordPress WordPress 4.9.2
WordPress WordPress 4.9.1
WordPress WordPress 4.8.3
WordPress WordPress 4.8.2
WordPress WordPress 4.8.1
WordPress WordPress 4.7.4
WordPress WordPress 4.7.2
WordPress WordPress 4.7.1
WordPress WordPress 4.6.1
WordPress WordPress 4.5.2
WordPress WordPress 4.5.1
WordPress WordPress 4.5
WordPress WordPress 4.4.1
WordPress WordPress 4.4
WordPress WordPress 4.2.4
WordPress WordPress 4.2.3
WordPress WordPress 4.2.2
WordPress WordPress 4.2.1
WordPress WordPress 4.1.2
WordPress WordPress 4.1.1
WordPress WordPress 4.1
WordPress WordPress 3.9.2
WordPress WordPress 3.9.1
WordPress WordPress 3.9
WordPress WordPress 3.8.2
WordPress WordPress 3.8.1
WordPress WordPress 3.7.4
WordPress WordPress 3.7.1
WordPress WordPress 3.6.1
WordPress WordPress 3.6
WordPress WordPress 3.5.2
WordPress WordPress 3.5.1
WordPress WordPress 3.3.2
WordPress WordPress 3.2.2
WordPress WordPress 3.1.4
WordPress WordPress 3.1.3
WordPress WordPress 3.1.2
WordPress WordPress 3.1.1
WordPress WordPress 3.0.5
WordPress WordPress 3.0.4
WordPress WordPress 3.0.3
WordPress WordPress 3.0.2
WordPress WordPress 2.9.2
WordPress WordPress 2.9.1
WordPress WordPress 2.8.6
WordPress WordPress 2.8.5
WordPress WordPress 2.8.4
WordPress WordPress 2.8.3
WordPress WordPress 2.8.2
WordPress WordPress 2.8.1
WordPress WordPress 2.6.5
WordPress WordPress 2.6.2
WordPress WordPress 2.6.1
WordPress WordPress 2.5.1
WordPress WordPress 2.3.3
WordPress WordPress 2.3.2
WordPress WordPress 2.3.1
WordPress WordPress 2.2.3
WordPress WordPress 2.2.2
WordPress WordPress 2.2.1
WordPress WordPress 2.1.3
WordPress WordPress 2.1.2
WordPress WordPress 2.1.1
WordPress WordPress 2.0.11
WordPress WordPress 2.0.10
WordPress WordPress 2.0.7
WordPress WordPress 2.0.6
WordPress WordPress 2.0.5
WordPress WordPress 2.0.4
WordPress WordPress 2.0.3
WordPress WordPress 2.0.2
WordPress WordPress 2.0.1
WordPress WordPress 2.0
WordPress WordPress 1.5.2
WordPress WordPress 1.5.1 .3
WordPress WordPress 1.5.1 .2
WordPress WordPress 1.5.1
WordPress WordPress 1.5
WordPress WordPress 1.3.1
WordPress WordPress 1.2.2
WordPress WordPress 1.2.1
WordPress WordPress 1.2
WordPress WordPress 0.71
WordPress WordPress 0.7
WordPress WordPress 0.6.2
WordPress WordPress 5.0.1
WordPress WordPress 5.0
WordPress WordPress 4.9
WordPress WordPress 4.7.5
WordPress WordPress 4.7.3
WordPress WordPress 4.7
WordPress WordPress 4.6
WordPress WordPress 4.5.3
WordPress WordPress 4.4.2
WordPress WordPress 4.3.1
WordPress WordPress 4.3
WordPress WordPress 4.2
WordPress WordPress 4.0.1
WordPress WordPress 4.0
WordPress WordPress 3.9.3
WordPress WordPress 3.9
WordPress WordPress 3.8.5
WordPress WordPress 3.8.4
WordPress WordPress 3.8.3
WordPress WordPress 3.8
WordPress WordPress 3.7.5
WordPress WordPress 3.7
WordPress WordPress 3.6
WordPress WordPress 3.5.0
WordPress WordPress 3.5
WordPress WordPress 3.4.2
WordPress WordPress 3.4.1
WordPress WordPress 3.4.0
WordPress WordPress 3.4
WordPress WordPress 3.3.3
WordPress WordPress 3.3.1
WordPress WordPress 3.3
WordPress WordPress 3.2.1
WordPress WordPress 3.2
WordPress WordPress 3.1
WordPress WordPress 3.0.6
WordPress WordPress 3.0.1
WordPress WordPress 2.9.1.1
WordPress WordPress 2.9
WordPress WordPress 2.8.5.2
WordPress WordPress 2.8.5.1
WordPress WordPress 2.8
WordPress WordPress 2.7.1
WordPress WordPress 2.7
WordPress WordPress 2.6.3
WordPress WordPress 2.6
WordPress WordPress 2.5
WordPress WordPress 2.3
WordPress WordPress 2.2.0
WordPress WordPress 2.2
WordPress WordPress 2.1
WordPress WordPress 2.0.9
WordPress WordPress 2.0.8
WordPress WordPress 1.6.2
WordPress WordPress 1.6
WordPress WordPress 1.5.1.1
WordPress WordPress 1.5
WordPress WordPress 1.4
WordPress WordPress 1.3.3
WordPress WordPress 1.3.2
WordPress WordPress 1.3
WordPress WordPress 1.2.5
WordPress WordPress 1.2.4
WordPress WordPress 1.2.3
WordPress WordPress 1.1.1
WordPress WordPress 1.0.2
WordPress WordPress 1.0.1
WordPress WordPress 0.72
WordPress WordPress 0.711
WordPress WordPress 0.71
WordPress WordPress 0.7
WordPress WordPress 0.6.2.1


Not Vulnerable:

Exploit


The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.


References:

Related Posts