CVE-2019-8942

Name
CVE-2019-8942
Description
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.
NVD Severity
high
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Exploit https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
Third Party Advisory http://www.securityfocus.com/bid/107088
Third Party Advisory https://wpvulndb.com/vulnerabilities/9222
Third Party Advisory https://www.debian.org/security/2019/dsa-4401
Exploit https://www.exploit-db.com/exploits/46511/
Exploit https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html
Exploit http://packetstormsecurity.com/files/152396/WordPress-5.0.0-crop-image-Shell-Upload.html
Exploit http://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce
Exploit https://www.exploit-db.com/exploits/46662/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:wordpress:wordpress:5.0:beta2:*:*:*:*:*:* wordpress == None == 5.0
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* wordpress >= None < 4.9.9

Vulnerable and fixed packages

Source package Branch Version Maintainer Status