← Voltar para CVEs
CVE-2017-5493
N/ADescricao
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado1/15/2017
Ultima modificacao4/20/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
wordpress:wordpress
Fraquezas (CWE)
CWE-338
Referencias
http://www.debian.org/security/2017/dsa-3779(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2017/01/14/6(cve@mitre.org)
http://www.securityfocus.com/bid/95401(cve@mitre.org)
http://www.securitytracker.com/id/1037591(cve@mitre.org)
https://codex.wordpress.org/Version_4.7.1(cve@mitre.org)
https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4(cve@mitre.org)
https://wpvulndb.com/vulnerabilities/8721(cve@mitre.org)
http://www.debian.org/security/2017/dsa-3779(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2017/01/14/6(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/95401(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1037591(af854a3a-2127-422b-91ae-364da2661108)
https://codex.wordpress.org/Version_4.7.1(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4(af854a3a-2127-422b-91ae-364da2661108)
https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/(af854a3a-2127-422b-91ae-364da2661108)
https://wpvulndb.com/vulnerabilities/8721(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.