Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-11026

Опубликовано: 30 апр. 2020
Источник: debian
EPSS Низкий

Описание

In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).

Пакеты

ПакетСтатусВерсия исправленияРелизТип
wordpressfixed5.4.1+dfsg1-1package

Примечания

  • https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2

  • https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates

  • https://core.trac.wordpress.org/changeset/47638

  • https://github.com/WordPress/wordpress-develop/commit/74d6f9613b96a2948f7675513b8b7f8224bfc386 (master)

EPSS

Процентиль: 85%
0.02623
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2020-11026

CVSS3: 8.7
ubuntu
больше 5 лет назад

In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).

nvd логотип

CVE-2020-11026

CVSS3: 8.7
nvd
больше 5 лет назад

In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).

fstec логотип

BDU:2020-03936

CVSS3: 5.4
fstec
больше 5 лет назад

Уязвимость компонентов formatting.php и SanitizeFileName.php системы управления содержимым сайта WordPress, позволяющая нарушителю оказать воздействие на целостность данных

EPSS

Процентиль: 85%
0.02623
Низкий