An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because of a wfu_include_lib call.
References
Link | Resource |
---|---|
https://github.com/beerpwn/CVE/tree/master/WP-File-Upload_disclosure_report/ | Exploit Third Party Advisory |
https://wordpress.org/plugins/wp-file-upload/#developers | Release Notes Vendor Advisory |
https://wpvulndb.com/vulnerabilities/10132 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-03-13T22:07:09
Updated: 2020-03-14T00:06:00
Reserved: 2020-03-13T00:00:00
Link: CVE-2020-10564
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-03-13T23:15:11.910
Modified: 2020-03-19T16:16:54.993
Link: CVE-2020-10564
JSON object: View
Redhat Information
No data.
CWE