漏洞标题
WordPress 核心 < 6.5.5 - 突破性任意.html文件读取(仅限Windows)漏洞
漏洞描述信息
Automattic WordPress的不适当受限路径名到受限目录('路径遍历')漏洞允许相对路径遍历。此问题影响WordPress:从6.5到6.5.4,从6.4到6.4.4,从6.3到6.3.4,从6.2到6.2.5,从6.1到6.1.6,从6.0到6.0.8,从5.9到5.9.9,从5.8到5.8.9,从5.7到5.7.11,从5.6到5.6.13,从5.5到5.5.14,从5.4到5.4.15,从5.3到5.3.17,从5.2到5.2.20,从5.1到5.1.18,从5.0到5.0.21,从4.9到4.9.25,从4.8到4.8.24,从4.7到4.7.28,从4.6到4.6.28,从4.5到4.5.31,从4.4到4.4.32,从4.3到4.3.33,从4.2到4.2.37,从4.1到4.1.40。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
漏洞类别
对路径名的限制不恰当(路径遍历)
漏洞标题
WordPress core < 6.5.5 - Auth. Arbitrary .html File Read (Windows Only) vulnerability
漏洞描述信息
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9, from 5.8 through 5.8.9, from 5.7 through 5.7.11, from 5.6 through 5.6.13, from 5.5 through 5.5.14, from 5.4 through 5.4.15, from 5.3 through 5.3.17, from 5.2 through 5.2.20, from 5.1 through 5.1.18, from 5.0 through 5.0.21, from 4.9 through 4.9.25, from 4.8 through 4.8.24, from 4.7 through 4.7.28, from 4.6 through 4.6.28, from 4.5 through 4.5.31, from 4.4 through 4.4.32, from 4.3 through 4.3.33, from 4.2 through 4.2.37, from 4.1 through 4.1.40.
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
漏洞类别
对路径名的限制不恰当(路径遍历)
漏洞标题
WordPress 路径遍历漏洞
漏洞描述信息
WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress存在路径遍历漏洞,该漏洞源于将路径名不当限制为受限目录。
CVSS信息
N/A
漏洞类别
路径遍历