Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-14990

Опубликовано: 03 окт. 2017
Источник: nvd
CVSS3: 6.5
CVSS2: 4
EPSS Низкий

Описание

WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability).

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:wordpress:wordpress:4.8.2:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 75%
0.00924
Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-312

Связанные уязвимости

ubuntu логотип

CVE-2017-14990

CVSS3: 6.5
ubuntu
больше 7 лет назад

WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability).

debian логотип

CVE-2017-14990

CVSS3: 6.5
debian
больше 7 лет назад

WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but ...

github логотип

GHSA-vhx7-jpm9-345w

CVSS3: 6.5
github
около 3 лет назад

WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability).

EPSS

Процентиль: 75%
0.00924
Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-312