Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-11026

Опубликовано: 30 апр. 2020
Источник: debian

Описание

In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).

Пакеты

ПакетСтатусВерсия исправленияРелизТип
wordpressfixed5.4.1+dfsg1-1package

Примечания

  • https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2

  • https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates

  • https://core.trac.wordpress.org/changeset/47638

  • https://github.com/WordPress/wordpress-develop/commit/74d6f9613b96a2948f7675513b8b7f8224bfc386 (master)

Связанные уязвимости

ubuntu логотип

CVE-2020-11026

CVSS3: 8.7
ubuntu
около 5 лет назад

In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).

nvd логотип

CVE-2020-11026

CVSS3: 8.7
nvd
около 5 лет назад

In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).

fstec логотип

BDU:2020-03936

CVSS3: 5.4
fstec
около 5 лет назад

Уязвимость компонентов formatting.php и SanitizeFileName.php системы управления содержимым сайта WordPress, позволяющая нарушителю оказать воздействие на целостность данных