[Bug 1126065] New: VUL-1: CVE-2019-8943: wordpress: Path Traversal in wp_crop_image()
http://bugzilla.opensuse.org/show_bug.cgi?id=1126065

Bug ID: 1126065
Summary: VUL-1: CVE-2019-8943: wordpress: Path Traversal in wp_crop_image()
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.1
Hardware: Other
URL: https://smash.suse.de/issue/225052/
OS: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: Security
Assignee: ecsos@schirra.net
Reporter: rfrohl@suse.com
QA Contact: security-team@suse.de
Found By: Security Response Team
Blocker: ---

CVE-2019-8943

WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8943
https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/

--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1126065
http://bugzilla.opensuse.org/show_bug.cgi?id=1126065#c1
Eric Schirra
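
Added example, not part of the bug report and not WordPress code: a containment check for a crop destination of the kind the CVE description implies, rejecting names with a URL-style suffix and names that resolve outside the uploads directory. The function names, the uploads path and the sample file names are hypothetical, and POSIX-style absolute paths are assumed.

```php
<?php
// Added example. Function names and sample values are hypothetical.

/**
 * Resolve "." and ".." segments without touching the filesystem,
 * so the check also works for a destination file that does not exist yet.
 */
function normalize_lexically(string $path): string
{
    $out = [];
    foreach (explode('/', str_replace('\\', '/', $path)) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;
        }
        if ($seg === '..') {
            array_pop($out);   // climbing above "/" just stays at "/"
            continue;
        }
        $out[] = $seg;
    }
    return '/' . implode('/', $out);
}

/**
 * True only if $relative, joined to $base, still lies inside $base
 * and carries no URL-style suffix ("?" or "#") in the stored name.
 */
function crop_destination_is_contained(string $base, string $relative): bool
{
    if (strpbrk($relative, '?#') !== false) {
        return false;
    }
    $base = rtrim(normalize_lexically($base), '/');
    $full = normalize_lexically($base . '/' . $relative);
    return strncmp($full, $base . '/', strlen($base) + 1) === 0;
}

// Constructed sample inputs; the second ends with the substring quoted in the CVE text.
$base = '/srv/www/wp-content/uploads';
$samples = [
    '2019/02/photo.jpg',                  // plain upload name
    '2019/02/photo.jpg?/../../file.jpg',  // resolves inside $base; caught by the "?" check
    '2019/02/../../../themes/file.jpg',   // resolves outside $base; caught by the prefix check
];
foreach ($samples as $name) {
    printf("%-40s %s\n", $name, crop_destination_is_contained($base, $name) ? 'ok' : 'REJECT');
}
```

The second sample shows why both checks are needed: with only two ../ segments the normalized path still lies under the uploads directory, so the prefix comparison alone would accept it.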