CVE-2019-6715

Опубликовано: 01 апр. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Критический

Описание

pub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data.

Ссылки

http://packetstormsecurity.com/files/160674/WordPress-W3-Total-Cache-0.9.3-File-Read-Directory-Traversal.html
Exploit
Third Party Advisory
VDB Entry
https://vinhjaxt.github.io/2019/03/cve-2019-6715
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/160674/WordPress-W3-Total-Cache-0.9.3-File-Read-Directory-Traversal.html
Exploit
Third Party Advisory
VDB Entry
https://vinhjaxt.github.io/2019/03/cve-2019-6715
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:boldgrid:w3_total_cache:*:*:*:*:*:wordpress:*:*

Версия до 0.9.4 (исключая)

EPSS

Процентиль: 100%

0.90796

Критический

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-58jp-4mgr-g2fp