NVD Vulnerability Detail

CVE-2018-12895

Summary	WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the wp-includes/post.php wp_delete_attachment function. The attacker must have capabilities for files and posts that are normally available only to the Author, Editor, and Administrator roles. The attack methodology is to delete wp-config.php and then launch a new installation process to increase the attacker's privileges.
Publication Date	June 27, 2018, 5:29 a.m.
Registration Date	March 1, 2021, 6:51 p.m.
Last Update	Nov. 21, 2024, 12:46 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:wordpress:wordpress::::::::					4.9.7

Related information, measures and tools

No	URL	タグ
1	http://packetstormsecurity.com/files/164633/WordPress-4.9.6-Arbitrary-File-Deletion.html	Exploit Third Party Advisory VDB Entry
2	http://packetstormsecurity.com/files/164633/WordPress-4.9.6-Arbitrary-File-Deletion.html	Exploit Third Party Advisory VDB Entry
3	http://www.securityfocus.com/bid/104569	Third Party Advisory VDB Entry
4	http://www.securityfocus.com/bid/104569	Third Party Advisory VDB Entry
5	https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/	Third Party Advisory
6	https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/	Third Party Advisory
7	https://lists.debian.org/debian-lts-announce/2018/07/msg00046.html	Mailing List Third Party Advisory
8	https://lists.debian.org/debian-lts-announce/2018/07/msg00046.html	Mailing List Third Party Advisory
9	https://wpvulndb.com/vulnerabilities/9100	Third Party Advisory
10	https://wpvulndb.com/vulnerabilities/9100	Third Party Advisory
11	https://www.debian.org/security/2018/dsa-4250	Third Party Advisory
12	https://www.debian.org/security/2018/dsa-4250	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-22	パス・トラバーサル	https://cwe.mitre.org/data/definitions/22.html

JVN Vulnerability Information

WordPress におけるディレクトリトラバーサルの脆弱性

Title	WordPress におけるディレクトリトラバーサルの脆弱性
Summary	WordPress には、ディレクトリトラバーサルの脆弱性が存在します。
Possible impacts	攻撃者により、巧妙に細工された wp-admin / post.php thumb パラメータを介して、任意のコードを実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	June 26, 2018, midnight
Registration Date	Aug. 31, 2018, 6 p.m.
Last Update	Aug. 31, 2018, 6 p.m.

Affected System

Debian

Debian GNU/Linux

WordPress.org

WordPress 4.9.6 まで

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2018-12895	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
National Vulnerability Database (NVD)
2	CVE-2018-12895	https://nvd.nist.gov/vuln/detail/CVE-2018-12895

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-22	https://jvndb.jvn.jp/ja/cwe/CWE-22.html

ベンダー情報

No	Name	URL
Debian Security Advisory
1	DSA-4250	https://www.debian.org/security/2018/dsa-4250
WordPress.org
2	Top Page	https://github.com/lzlzh2016/easymagazine/blob/master/xx1.md

その他

No	Name	URL
関連文書
1	WARNING: WordPress File Delete to Code Execution	https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
2	WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion	https://wpvulndb.com/vulnerabilities/9100

Change Log

No	Changed Details	Date of change
1	[2018年08月31日] 掲載	Aug. 31, 2018, 6 p.m.