CVE-2013-1916 - OpenCVE

In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
User Photo Project	User Photo

Configuration 1 [-]

cpe:2.3:a:user_photo_project:user_photo:0.9.4:*:*:*:*:wordpress:*:*

References

Link	Resource
https://plugins.trac.wordpress.org/changeset/347137	Patch Third Party Advisory
https://wordpress.org/plugins/user-photo/#developers	Release Notes Third Party Advisory
https://www.exploit-db.com/exploits/16181	Exploit Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2022-06-24T15:00:17

Updated: 2022-06-24T15:00:17

Reserved: 2013-02-19T00:00:00

Link: CVE-2013-1916

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-06-24T15:15:08.957

Modified: 2022-07-07T16:15:40.403

Link: CVE-2013-1916

JSON object: View

Redhat Information

No data.

CWE

CWE-434

{"containers": {"cna": {"affected": [{"product": "WordPress Plugin User Photo", "vendor": "n/a", "versions": [{"status": "affected", "version": "WordPress Plugin User Photo 0.9.4"}]}], "descriptions": [{"lang": "en", "value": "In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-24T15:00:17", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wordpress.org/plugins/user-photo/#developers"}, {"tags": ["x_refsource_MISC"], "url": "https://plugins.trac.wordpress.org/changeset/347137"}, {"tags": ["x_refsource_MISC"], "url": "https://www.exploit-db.com/exploits/16181"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1916", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WordPress Plugin User Photo", "version": {"version_data": [{"version_value": "WordPress Plugin User Photo 0.9.4"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-434"}]}]}, "references": {"reference_data": [{"name": "https://wordpress.org/plugins/user-photo/#developers", "refsource": "MISC", "url": "https://wordpress.org/plugins/user-photo/#developers"}, {"name": "https://plugins.trac.wordpress.org/changeset/347137", "refsource": "MISC", "url": "https://plugins.trac.wordpress.org/changeset/347137"}, {"name": "https://www.exploit-db.com/exploits/16181", "refsource": "MISC", "url": "https://www.exploit-db.com/exploits/16181"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1916", "datePublished": "2022-06-24T15:00:17", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2022-06-24T15:00:17", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:user_photo_project:user_photo:0.9.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4F67E26C-97D2-4720-B4D7-4ECBB60785B8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved."}, {"lang": "es", "value": "En el plugin User Photo de WordPress 0.9.4, cuando es subida una foto, s\u00f3lo es comprobada parcialmente y es posible cargar una puerta trasera en el servidor que aloja WordPress. Este backdoor puede ser llamado (ejecutado) incluso si la foto a\u00fan no ha sido aprobada"}], "id": "CVE-2013-1916", "lastModified": "2022-07-07T16:15:40.403", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-24T15:15:08.957", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset/347137"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://wordpress.org/plugins/user-photo/#developers"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/16181"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-434"}], "source": "secalert@redhat.com", "type": "Secondary"}]}