CVE-2019-14205
CVE-2019-14205
Vexday Risk Score
52Atenção
Decisão SSVC (CISA)
Act
Exploração + impacto → ação imediata
Maturidade do exploit
Exploit funcional
Exploit automatizável disponível (Nuclei/Metasploit).
CVSS —EPSS 63.4%KEV nãoPoC —Nuclei simMetasploit —Patch —
Ciclo de vida
21 jul 2019Publicada no NVD
Recomendação: Corrigir o quanto antes — há exploração ativa confirmada.
A Local File Inclusion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to retrieve arbitrary files via the $REQUEST['adaptive-images-settings']['source_file'] parameter in adaptive-images-script.php.
Produtos afetados
n/a · n/aReferências
https://github.com/markgruffer/markgruffer.github.io/blob/master/_posts/2019-07-19-adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.markdownhttps://markgruffer.github.io/2019/07/19/adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.htmlhttps://wordpress.org/plugins/adaptive-images/#developershttps://wpvulndb.com/vulnerabilities/9468