CVE-2024-32111

描述

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9, from 5.8 through 5.8.9, from 5.7 through 5.7.11, from 5.6 through 5.6.13, from 5.5 through 5.5.14, from 5.4 through 5.4.15, from 5.3 through 5.3.17, from 5.2 through 5.2.20, from 5.1 through 5.1.18, from 5.0 through 5.0.21, from 4.9 through 4.9.25, from 4.8 through 4.8.24, from 4.7 through 4.7.28, from 4.6 through 4.6.28, from 4.5 through 4.5.31, from 4.4 through 4.4.32, from 4.3 through 4.3.33, from 4.2 through 4.2.37, from 4.1 through 4.1.40.

受影響套件(2)

• Bitnami/wordpress>= 4.1.0, < 4.1.41, >= 4.2.0, < 4.2.38, >= 4.3.0, < 4.3.34, >= 4.4.0, < 4.4.33, >= 4.5.0, < 4.5.32, >= 4.6.0, < 4.6.29, >= 4.7.0, < 4.7.29, >= 4.8.0, < 4.8.25, >= 4.9.0, < 4.9.26, >= 5.0.0, < 5.0.22, >= 5.1.0, < 5.1.19, >= 5.2.0, < 5.2.21, >= 5.3.0, < 5.3.18, >= 5.4.0, < 5.4.16, >= 5.5.0, < 5.5.15, >= 5.6.0, < 5.6.14, >= 5.7.0, < 5.7.12, >= 5.8.0, < 5.8.10, >= 5.9.0, < 5.9.10, >= 6.0.0, < 6.0.9, >= 6.1.0, < 6.1.7, >= 6.2.0, < 6.2.6, >= 6.3.0, < 6.3.5, >= 6.4.0, < 6.4.5, >= 6.5.0, < 6.5.5
• Bitnami/wordpress-multisite>= 4.1.0, < 4.1.41, >= 4.2.0, < 4.2.38, >= 4.3.0, < 4.3.34, >= 4.4.0, < 4.4.33, >= 4.5.0, < 4.5.32, >= 4.6.0, < 4.6.29, >= 4.7.0, < 4.7.29, >= 4.8.0, < 4.8.25, >= 4.9.0, < 4.9.26, >= 5.0.0, < 5.0.22, >= 5.1.0, < 5.1.19, >= 5.2.0, < 5.2.21, >= 5.3.0, < 5.3.18, >= 5.4.0, < 5.4.16, >= 5.5.0, < 5.5.15, >= 5.6.0, < 5.6.14, >= 5.7.0, < 5.7.12, >= 5.8.0, < 5.8.10, >= 5.9.0, < 5.9.10, >= 6.0.0, < 6.0.9, >= 6.1.0, < 6.1.7, >= 6.2.0, < 6.2.6, >= 6.3.0, < 6.3.5, >= 6.4.0, < 6.4.5, >= 6.5.0, < 6.5.5

CVSS 分數

參考連結(3)

• WEBhttps://nvd.nist.gov/vuln/detail/CVE-2024-32111
• WEBhttps://patchstack.com/database/vulnerability/wordpress/wordpress-core-6-5-5-contributor-arbitrary-html-file-read-windows-only-vulnerability?_s_id=cve
• WEBhttps://wordpress.org/news/2024/06/wordpress-6-5-5/