CVE-2018-9118

Опубликовано: 12 апр. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Высокий

Описание

exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a .. in the filename parameter.

Ссылки

https://99robots.com/docs/wp-background-takeover-advertisements/
Product
Release Notes
https://wpvulndb.com/vulnerabilities/9056
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/44417/
Exploit
Third Party Advisory
VDB Entry
https://99robots.com/docs/wp-background-takeover-advertisements/
Product
Release Notes
https://wpvulndb.com/vulnerabilities/9056
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/44417/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:99robots:wp_background_takeover_advertisements:*:*:*:*:*:wordpress:*:*

Версия до 4.1.5 (исключая)

EPSS

Процентиль: 99%

0.71307

Высокий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-pgmv-px7h-43x3