CVE-2019-8943

CVE-2019-8943

WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.

Source: CVE-2019-8943

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다