Test Kennung:	1.3.6.1.4.1.25623.1.0.809157
Kategorie:	Web application abuses
Titel:	WordPress Core Ajax handlers CSRF and Directory Traversal Vulnerabilities (Linux)
Zusammenfassung:	This host is running WordPress and is prone; to CSRF and directory traversal vulnerabilities.
Beschreibung:	Summary: This host is running WordPress and is prone to CSRF and directory traversal vulnerabilities. Vulnerability Insight: The flaw exists due to improper capability check in 'wp_ajax_update_plugin' and 'wp_ajax_delete_plugin' functions which are used in 'ajax-actions.php' script. Vulnerability Impact: Successfully exploiting this issue allow attacker to take over an authenticated user's session (privilege escalation) using a forged HTML page and to crash the web server. Affected Software/OS: WordPress version 4.5.3 on Linux. Solution: Update to WordPress version 4.6 or later. CVSS Score: 5.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P
Querverweis:	BugTraq ID: 92573 BugTraq ID: 92572 Common Vulnerability Exposure (CVE) ID: CVE-2016-6896 https://www.exploit-db.com/exploits/40288/ https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html https://wpvulndb.com/vulnerabilities/8606 http://www.openwall.com/lists/oss-security/2016/08/20/1 http://www.securitytracker.com/id/1036683 Common Vulnerability Exposure (CVE) ID: CVE-2016-6897 http://www.securityfocus.com/bid/92572
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.