wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.
References
Link | Resource |
---|---|
https://wordpress.org/plugins/newsletters-lite/#developers | Release Notes |
https://wpvulndb.com/vulnerabilities/9447 | Third Party Advisory |
https://www.pluginvulnerabilities.com/2019/07/02/there-is-also-an-authenticated-remote-code-execution-rce-vulnerability-in-newsletters/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-08-15T15:45:22
Updated: 2019-08-22T13:06:11
Reserved: 2019-08-09T00:00:00
Link: CVE-2019-14788
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-08-15T16:15:12.197
Modified: 2023-05-18T15:03:03.467
Link: CVE-2019-14788
JSON object: View
Redhat Information
No data.
CWE