HTTP: WordPress Image Edit Directory Traversal

This signature detects attempts to exploit a known vulnerability against WordPress. A successful attack can lead to Path Traversal.

Extended Description

WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.

Affected Products

Wordpress wordpress

References

BugTraq: 107089

CVE: CVE-2019-8942

Short Name
HTTP:DIR:WP-IMAGE-EDIT
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2019-8942 CVE-2019-8943 Directory Edit Image Traversal WordPress bid:107089
Release Date
06/04/2019
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3870
False Positive
Unknown
Vendors

Wordpress

CVSS Score

4.0

6.5

Found a potential security threat?