Vulnerability Details : CVE-2016-7169
Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter.
Vulnerability category: Directory traversal
Products affected by CVE-2016-7169
- cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Threat overview for CVE-2016-7169
- Top countries where our scanners detected CVE-2016-7169: (country chart; not recoverable as text)
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2016-7169: 24
- Threat actors abusing this issue: Yes
Exploit prediction scoring system (EPSS) score for CVE-2016-7169
- EPSS score: 0.21% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~58% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2016-7169
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST |
6.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 2.8 | 3.4 | NIST |
CWE ids for CVE-2016-7169
- The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-7169
- http://www.securityfocus.com/bid/92841 – WordPress Cross Site Scripting And Directory Traversal Vulnerabilities
- https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/ – News – WordPress 4.6.1 Security and Maintenance Release – WordPress.org (Patch; Vendor Advisory)
- https://codex.wordpress.org/Version_4.6.1 – Version 4.6.1 | WordPress.org (Patch)
- http://www.debian.org/security/2016/dsa-3681 – Debian -- Security Information -- DSA-3681-1 wordpress
- https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e – Upgrade/Install: Sanitize file name in `File_Upload_Upgrader`. · WordPress/WordPress@54720a1 · GitHub (Patch)
- https://wpvulndb.com/vulnerabilities/8616 – WordPress 2.8-4.6 - Path Traversal in Upgrade Package Uploader