Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-1001000

Опубликовано: 03 апр. 2017
Источник: ubuntu
Приоритет: medium
EPSS Высокий
CVSS2: 5
CVSS3: 7.5

Описание

The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-json/wp/v2/posts/123?id=123helloworld URI.

РелизСтатусПримечание
devel

not-affected

4.7.3+dfsg-1
esm-apps/xenial

not-affected

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was not-affected]
precise

not-affected

trusty

not-affected

trusty/esm

DNE

trusty was not-affected
upstream

released

4.7.2+dfsg-1
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

xenial

not-affected

Показывать по

EPSS

Процентиль: 99%
0.79728
Высокий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVSS3: 7.5
nvd
больше 8 лет назад

The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-json/wp/v2/posts/123?id=123helloworld URI.

CVSS3: 7.5
debian
больше 8 лет назад

The register_routes function in wp-includes/rest-api/endpoints/class-w ...

CVSS3: 7.5
github
около 3 лет назад

The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-json/wp/v2/posts/123?id=123helloworld URI.

EPSS

Процентиль: 99%
0.79728
Высокий

5 Medium

CVSS2

7.5 High

CVSS3