| VID |
22721 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
A version of WordPress software which is older than or as old as version 4.5.2 is detected as installed on the host. WordPress is a freely available PHP-based publication program that uses a MySQL backend database. WordPress versions 4.5.2 and earlier are vulnerable to multiple vulnerabilities.
- A remote code execution vulnerability, known as ImageTragick, exists in the ImageMagick library due to a failure to properly filter shell characters in filenames passed to delegate commands. A remote attacker can exploit this, via specially crafted images, to inject shell commands and execute arbitrary code. (CVE-2016-3714)
- An unspecified flaw exists in the ImageMagick library in the 'ephemeral' pseudo protocol that allows an attacker to delete arbitrary files. (CVE-2016-3715)
- An unspecified flaw exists in the ImageMagick library in the 'ms' pseudo protocol that allows an attacker to move arbitrary files to arbitrary locations. (CVE-2016-3716)
- An unspecified flaw exists in the ImageMagick library in the 'label' pseudo protocol that allows an attacker, via a specially crafted image, to read arbitrary files. (CVE-2016-3717)
- A server-side request forgery (SSRF) vulnerability exists due to an unspecified flaw related to request handling between a user and the server. A remote attacker can exploit this, via an MVG file with a specially crafted fill element, to bypass access
restrictions and conduct host-based attacks. (CVE-2016-3718)
- An unspecified flaw exists in Plupload that allows an attacker to perform a same-origin method execution. (CVE-2016-4566)
- A reflected cross-site scripting vulnerability exists in MediaElement.js due to improper validation of user-supplied input. A context-dependent attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser
session. (CVE-2016-4567)
* Note: This check solely relied on the version number of the WordPress software installed on the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
https://wordpress.org/news/2016/05/wordpress-4-5-2/
https://imagetragick.com/
* Platforms affected:
WordPress versions 4.5.2 and earlier
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of WordPress (4.5.2 or later), available from the WordPress Download Web site at http://wordpress.org/download/ |
| Related URL |
CVE-2016-3714,CVE-2016-3715,CVE-2016-3716,CVE-2016-3717,CVE-2016-3718,CVE-2016-4566,CVE-2016-4567 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
