QwikSec

Security Database

CVE

CWE

Training

CVE-2016-7169

Published: Jan 5, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/

x_refsource_CONFIRM

https://codex.wordpress.org/Version_4.6.1

x_refsource_CONFIRM

https://wpvulndb.com/vulnerabilities/8616

x_refsource_MISC

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.