CVE-2021-29447

CVE-2021-29447

3 years ago

source link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29447
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Learn more at National Vulnerability Database (NVD)

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information

Description Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.

Recommend

CVE-2021-29447

CVE-2021-29447

Recommend

Features — Snuffleupagus stable documentation

libxml_set_external_entity_loader

勾正服务违规收集数据，创维电视：未予以授权，已解除合作

网信办上线历史虚无主义有害信息举报专区

libxml_disable_entity_loader

What’s new in Mobile development kit client 5.2

Microsoft Removes Two Stock Apps From Fresh Windows 10 Installations

全球汽车“缺芯” 大众墨西哥因芯片短缺停产

个性化小家电最好别走网红路线营销

The 14 Best Social Media Tools in 2021 (Some Are Even Free!)

About Joyk