Rule Category

SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.

Alert Message

SERVER-WEBAPP WordPress Crop Image arbitrary file write attempt

Rule Explanation

This event is generated when a file is uploaded to a vulnerable version of WP Crop Image Impact: A web shell could be uploaded and lead to a compromise of the server Details: Ease of Attack: very easy

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

Rule Vulnerability

CVE Additional Information

CVE-2019-8943
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.
Details
Severity Base Score6.5
Impact Score3.6 Exploit Score2.8
Confidentiality ImpactNONE Integrity ImpactHIGH
Availability ImpactNONE Attack VectorNETWORK
ScopeUNCHANGED User InteractionNONE
Authentication Ease of AccessLOW
Privileges RequiredLOW