Описание
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.
Ссылки
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- PatchRelease NotesVendor Advisory
- PatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- PatchRelease NotesVendor Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:wordpress:wordpress:4.7:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:4.7.1:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:4.7.2:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:4.7.3:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:4.7.4:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:4.7.5:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:4.8:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:4.8.1:*:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.30547
Средний
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 7.5
ubuntu
почти 8 лет назад
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.
CVSS3: 7.5
debian
почти 8 лет назад
Before version 4.8.2, WordPress allowed a Directory Traversal attack i ...
CVSS3: 7.5
github
около 3 лет назад
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.
EPSS
Процентиль: 96%
0.30547
Средний
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22