CVE-2019-14788: Path Traversal
First published: Thu Aug 15 2019(Updated: )
wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tribulant Newsletters | <4.6.19 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-14788.
What is the title of this vulnerability?
The title of this vulnerability is 'wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before…'.
What is the severity of CVE-2019-14788?
The severity of CVE-2019-14788 is high.
How does CVE-2019-14788 allow remote PHP code execution?
CVE-2019-14788 allows remote PHP code execution through directory traversal and manipulation of the 'subscribers[1][1]' and 'exportfile' parameters.
How can I fix CVE-2019-14788?
To fix CVE-2019-14788, you should update the Tribulant Newsletters plugin to version 4.6.19 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/tags
- agent/event
- agent/first-publish-date
- agent/source
- vendor/tribulant
- canonical/tribulant newsletters