Published: 20/02/2019 Updated: 21/07/2021

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 662

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

WordPress prior to 4.9.9 and 5.x prior to 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wordpress wordpress 5.0
wordpress wordpress
debian debian linux 9.0

Several vulnerabilities were discovered in Wordpress, a web blogging tool They allowed remote attackers to perform various Cross-Side Scripting (XSS) and PHP injections attacks, delete files, leak potentially sensitive data, create posts of unauthorized types, or cause denial-of-service by application crash For the stable distribution (stretch), ...

WordPress before 499 and 5x before 501 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a jpg?filephp substring An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata Exploitat ...

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FileDropper include Msf::Exploit::Remote::HTTP::Wordpress def initialize(info = {}) super(update_info( ...

var wpnonce = ''; var ajaxnonce = ''; var wp_attached_file = ''; var imgurl = ''; var postajaxdata = ''; var post_id = 0; var cmd = '<?php phpinfo();/*'; var cmdlen = cmdlength var payload = '\xff\xd8\xff\xed\x004Photoshop 30\x008BIM\x04\x04'+'\x00'repeat(5)+'\x17\x1c\x02\x05\x00\x07PAYLOAD\x00\xff\xe0\x00\x10JFIF\x00\x01\x01\x01\x00`\x00`\x0 ...

Exploit of CVE-2019-8942 and CVE-2019-8943

CVE-2019-8943 WordPress 500 - Image Remote Code Execution Exploit of CVE-2019-8942 and CVE-2019-8943 using python : ExploitDB : wwwexploit-dbcom/exploits/49512 The original exploit for metasploit : WordPress Core 500 - Crop-image Shell Upload (Metasploit) : wwwexploit-dbcom/exploits/46662 video : Description: The video below demonstrates how an attacker

Final project in Posts and Telecommunications Institute of Technology Author: Duc Hoang This project contains two main functions: Capture network package and write it down CSV file Read packet infomation from CSV file and detect if it tries to exploit CVE-2019-8942

cve-2019-8942, cve-2019-8943

WordPress Image CROP RCE 분석 보고서 POC & Dockekfile : githubcom/synod2/WP_CROP_RCE 본 문서에서는 Wordpress 499 및 501 이전 버전에서 발견된 취약점으로써, WordPress Image CROP RCE로 알려진 CVE-2019-8942와 CVE-2019-8943에 대해 다룬다 CVE 번호 공개일 설명 CVE-2019-8942 2019-2-19 wp_postmeta 테이블 값을

WordPress 500 Crop-image Remote Code Execution Description The exploit code leverages the CVE-2019-8943 and CVE-2019-8942 vulnerabilities to gain remote code execution on WordPress 500 and <= 498 Installation git clone githubcom/ret2x-tools/poc-wordpress-500git pip install -r requirementstxt Usage root@parrot:~#

CVE-2019-8942 and CVE-2019-8943: WordPress RCE (author priviledge) Tổng quan CVE-2019-8942 là lỗ hổng lợi dụng lỗi LFI kết hợp tính năng File Upload để thực hiện RCE đến máy chủ web Wordpress với quyền author Các phiên bản Wordpress bị ảnh hưởng bao gồm trước 499 và 5x tới trước 50

A simple PoC for WordPress RCE (author priviledge), refer to CVE-2019-8942 and CVE-2019-8943.

Summary A simple PoC for WordPress RCE (author priviledge), refer to CVE-2019-8942 and CVE-2019-8943 Affected Version WordPress <= 498 (verified) WordPress <= 500 Test Environment Docker Image docker pull avfisherdocker/wordpress:498 docker run -d -p 80:80 avfisherdocker/wordpress:498 Mysql & WordPress Info Type Username Password mysql

detecting cve 2019 8942 based on signature based detection.

CVE 2019_8942 demo detecting cve 2019 8942 based on signature based detection to run this project Clone this repo git clone githubcom/nguyenmanhthinbsl/CVE2019_8942 Open the folder in your IDE -> new Terminal python live_capturepy -i 'your_network_interface_name_here' ref: this project uses a guide by GitHub author Brianwrf repo a t

CWE-434 https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/http://www.securityfocus.com/bid/107088 https://wpvulndb.com/vulnerabilities/9222 https://www.debian.org/security/2019/dsa-4401 https://www.exploit-db.com/exploits/46511/https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html http://packetstormsecurity.com/files/152396/WordPress-5.0.0-crop-image-Shell-Upload.html http://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce https://www.exploit-db.com/exploits/46662/https://nvd.nist.gov https://www.debian.org/security/2019/dsa-4401 https://www.exploit-db.com/exploits/46662 https://github.com/v0lck3r/CVE-2019-8943

CVE-2019-8942

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect