CVSSv3: 8.8

CVE-2018-12895

Published: 26/06/2018 Updated: 05/11/2021
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

WordPress up to and including 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the wp-includes/post.php wp_delete_attachment function. The attacker must have capabilities for files and posts that are normally available only to the Author, Editor, and Administrator roles. The attack methodology is to delete wp-config.php and then launch a new installation process to increase the attacker's privileges.

Vulnerability Trend

Vulnerable Products

- wordpress / wordpress
- debian / debian linux 9.0
- debian / debian linux 8.0

Vendor Advisories

Debian Bug report logs - #902876 wordpress: CVE-2018-12895 Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 2 Jul 2018 17:33:01 UTC Severity: important Tags: security, upstream Found in version wordpress/4.9.5+d ...

Exploits

WordPress version 4.9.6 arbitrary file deletion exploit. Original discovery of this vulnerability is attributed to VulnSpy in June of 2018 ...

Github Repositories

codepath week 7 assignment

Project 7 - WordPress Pentesting. Time spent: 5 hours spent in total. Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress. Pentesting Report (Required): CVE-2015-3440 - Unauthenticated Stored Cross-Site Scripting. Summary: Vulnerability types: XSS. Tested in version: 4.2. Fixed in version: 4.2.1. GIF Walkthrough: