|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-04-28 | |
| Rule Name: | WordPress Plugin Plainview Activity Monitor Authenticated Command Injection Vulnerability (CVE-2018-15877) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request. | |
| Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Others | |
| Reference: | ExploitDB:45274 http://packetstormsecurity.com/files/155502/WordPress-Plainview-Activity-Monitor-20161228-Remote-Command-Execution.html https://github.com/aas-n/CVE/tree/master/CVE-2018-15877 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://wordpress.org/plugins/plainview-activity-monitor/ |