#VU14204 Path traversal in Site Editor - CVE-2018-7422

 


Published: August 6, 2018 / Updated: December 6, 2022


Vulnerability identifier: #VU14204
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2018-7422
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software: Site Editor
Software vendor: WordPress.ORG

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the ajax_path parameter, which is processed by the editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php code. A remote attacker can send a specially crafted request containing malicious input, conduct a directory traversal attack and access arbitrary files on the system.
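Requests that match this description can be looked for in web server access logs. The following detector is an added example, not part of the original advisory or the plugin's code; the log format (common/combined), the sample lines, the PLUGIN_ROOT placeholder and the heuristic for what counts as suspicious are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script path and parameter name exactly as given in the advisory.
SCRIPT = "editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"
PARAM = "ajax_path"
# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Undo repeated percent-encoding so double-encoded separators are visible."""
    for _ in range(max_rounds):
        value = unquote(value)
    return value

def is_suspicious(value):
    """Heuristic (assumption): NUL bytes, absolute paths or '..' segments."""
    path = fully_decode(value).replace("\\", "/")
    if "\x00" in path or path.startswith("/") or re.match(r"[A-Za-z]:/", path):
        return True
    return ".." in path.split("/")

def flag_requests(log_lines):
    """Return (line_number, decoded ajax_path) for each suspicious request."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not fully_decode(url.path).endswith(SCRIPT):
            continue
        # parse_qs decodes once; fully_decode handles any remaining layers.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if is_suspicious(value):
                hits.append((number, fully_decode(value)))
    return hits

# Constructed log lines; PLUGIN_ROOT stands in for the plugin's install path.
BASE = '203.0.113.5 - - [06/Aug/2018:10:00:00 +0000] "GET %s HTTP/1.1" 200 512'
SAMPLE = [
    BASE % f"/PLUGIN_ROOT/{SCRIPT}?{PARAM}=../../../../some/file",
    BASE % f"/PLUGIN_ROOT/{SCRIPT}?{PARAM}=..%252f..%252fsome%252ffile",
    BASE % f"/PLUGIN_ROOT/{SCRIPT}?{PARAM}=includes/pattern",
    BASE % f"/index.php?{PARAM}=../x",
]

if __name__ == "__main__":
    print(flag_requests(SAMPLE))
```

Access logs normally record only the query string, so a value sent in a request body is not covered by this check.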


Remediation

Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
