CVE-2018-20149
N/A
Description
In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.
CVE Details
CVSS v3.1 score: N/A
Published: 12/14/2018
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
debian:debian_linux
wordpress:wordpress
Weaknesses (CWE)
CWE-79
References
http://www.securityfocus.com/bid/106220 (cve@mitre.org)
https://codex.wordpress.org/Version_4.9.9 (cve@mitre.org)
https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a (cve@mitre.org)
https://wpvulndb.com/vulnerabilities/9175 (cve@mitre.org)
https://www.debian.org/security/2019/dsa-4401 (cve@mitre.org)
https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/ (cve@mitre.org)
http://www.securityfocus.com/bid/106220 (af854a3a-2127-422b-91ae-364da2661108)
https://codex.wordpress.org/Version_4.9.9 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2019/02/msg00019.html (af854a3a-2127-422b-91ae-364da2661108)
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/ (af854a3a-2127-422b-91ae-364da2661108)
https://wordpress.org/support/wordpress-version/version-5-0-1/ (af854a3a-2127-422b-91ae-364da2661108)
https://wpvulndb.com/vulnerabilities/9175 (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2019/dsa-4401 (af854a3a-2127-422b-91ae-364da2661108)
https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/ (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.