Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-16949

EPSS 38.79% · P97
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-16949

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and file-uploader/file-uploader-class.php. This allows the attacker to upload anything they want to the server, as demonstrated by an action=ap_file_upload_action&allowedExtensions[]=php request to /wp-admin/admin-ajax.php that results in a .php file upload and resultant PHP code execution.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
WordPress AccessKeys AccessPress Anonymous Post Pro插件安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台,该平台支持在PHP和MySQL的服务器上架设个人博客网站。AccessKeys AccessPress Anonymous Post Pro plugin是使用在其中的一个匿名发布插件。 WordPress AccessKeys AccessPress Anonymous Post Pro插件3.1.9及之前的版本中存在安全漏洞,该漏洞源于程序没有正确的过滤输入。攻击攻击者可利用该漏洞覆盖设置,上传任意文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2017-16949

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2017-16949

登录查看更多情报信息。

Same Patch Batch · n/a · 2017-12-18 · 27 CVEs total

CVE-2017-17651PHP Scripts Mall Paid To Read Script SQL注入漏洞
CVE-2017-16997GNU C Library 代码问题漏洞
CVE-2017-17733Maccms 安全漏洞
CVE-2017-17731Desdev DedeCMS SQL注入漏洞
CVE-2017-17730Desdev DedeCMS SQL注入漏洞
CVE-2017-17727Desdev DedeCMS 安全漏洞
CVE-2017-17740OpenLDAP 安全漏洞
CVE-2017-17739BrightSign Digital Signage(4k242)路径遍历漏洞
CVE-2017-17738BrightSign Digital Signage(4k242)安全漏洞
CVE-2017-17737BrightSign Digital Signage(4k242)跨站脚本漏洞
CVE-2017-17735CMS Made Simple 安全漏洞
CVE-2017-17734CMS Made Simple 信息泄露漏洞
CVE-2017-17741Linux kernel 安全漏洞
CVE-2017-11562MT4 Networks SenhaSegura Web Application 安全漏洞
CVE-2017-17649PHP Scripts Mall Readymade Video Sharing Script 安全漏洞
CVE-2017-17645Bus Booking Script SQL注入漏洞
CVE-2017-17643FS Lynda Clone SQL注入漏洞
CVE-2017-14583NetApp Clustered Data ONTAP 安全漏洞
CVE-2017-17721ZUUSE BEIMS ContractorWeb .NET SQL注入漏洞
CVE-2017-17107Zivif PR115-204-P-RS 安全漏洞

Showing top 20 of 27 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2017-16949

No comments yet

Leave a comment