mirror/PoC-in-GitHub
1
0
Fork 0
mirror of https://github.com/nomi-sec/PoC-in-GitHub.git synced 2025-01-15 20:32:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Auto Update 2021/02/02 00:10:08

Browse source
This commit is contained in:
motikan2010-bot 2021-02-02 00:10:08 +09:00
parent 589a82cda3
commit b4cb50f6b9
23 changed files with 163 additions and 130 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
2014/CVE-2014-4210.json
View file

@ -36,13 +36,13 @@
"description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14882、CVE-2020-14883",
"fork": false,
"created_at": "2020-01-15T04:26:29Z",
"updated_at": "2021-02-01T09:04:37Z",
"updated_at": "2021-02-01T10:34:10Z",
"pushed_at": "2020-11-27T15:10:58Z",
"stargazers_count": 908,
"watchers_count": 908,
"stargazers_count": 909,
"watchers_count": 909,
"forks_count": 215,
"forks": 215,
"watchers": 908,
"watchers": 909,
"score": 0
},
{

8
2015/CVE-2015-3306.json
View file

@ -59,13 +59,13 @@
"description": "ProFTPd 1.3.5 - (mod_copy) Remote Command Execution exploit and vulnerable container",
"fork": false,
"created_at": "2017-01-08T14:19:51Z",
"updated_at": "2021-01-31T15:33:54Z",
"updated_at": "2021-02-01T15:01:40Z",
"pushed_at": "2018-04-07T01:10:06Z",
"stargazers_count": 65,
"watchers_count": 65,
"stargazers_count": 67,
"watchers_count": 67,
"forks_count": 34,
"forks": 34,
"watchers": 65,
"watchers": 67,
"score": 0
},
{

8
2016/CVE-2016-0638.json
View file

@ -13,13 +13,13 @@
"description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14882、CVE-2020-14883",
"fork": false,
"created_at": "2020-01-15T04:26:29Z",
"updated_at": "2021-02-01T09:04:37Z",
"updated_at": "2021-02-01T10:34:10Z",
"pushed_at": "2020-11-27T15:10:58Z",
"stargazers_count": 908,
"watchers_count": 908,
"stargazers_count": 909,
"watchers_count": 909,
"forks_count": 215,
"forks": 215,
"watchers": 908,
"watchers": 909,
"score": 0
},
{

4
2016/CVE-2016-1287.json
View file

@ -17,8 +17,8 @@
"pushed_at": "2016-02-15T04:59:43Z",
"stargazers_count": 15,
"watchers_count": 15,
"forks_count": 10,
"forks": 10,
"forks_count": 11,
"forks": 11,
"watchers": 15,
"score": 0
},

8
2017/CVE-2017-3248.json
View file

@ -36,13 +36,13 @@
"description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14882、CVE-2020-14883",
"fork": false,
"created_at": "2020-01-15T04:26:29Z",
"updated_at": "2021-02-01T09:04:37Z",
"updated_at": "2021-02-01T10:34:10Z",
"pushed_at": "2020-11-27T15:10:58Z",
"stargazers_count": 908,
"watchers_count": 908,
"stargazers_count": 909,
"watchers_count": 909,
"forks_count": 215,
"forks": 215,
"watchers": 908,
"watchers": 909,
"score": 0
}
]

8
2017/CVE-2017-5223.json
View file

@ -13,13 +13,13 @@
"description": null,
"fork": false,
"created_at": "2018-09-26T11:58:32Z",
"updated_at": "2018-09-26T12:03:35Z",
"updated_at": "2021-02-01T09:33:48Z",
"pushed_at": "2018-09-26T12:03:33Z",
"stargazers_count": 0,
"watchers_count": 0,
"stargazers_count": 1,
"watchers_count": 1,
"forks_count": 0,
"forks": 0,
"watchers": 0,
"watchers": 1,
"score": 0
}
]

8
2018/CVE-2018-2628.json
View file

@ -450,13 +450,13 @@
"description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14882、CVE-2020-14883",
"fork": false,
"created_at": "2020-01-15T04:26:29Z",
"updated_at": "2021-02-01T09:04:37Z",
"updated_at": "2021-02-01T10:34:10Z",
"pushed_at": "2020-11-27T15:10:58Z",
"stargazers_count": 908,
"watchers_count": 908,
"stargazers_count": 909,
"watchers_count": 909,
"forks_count": 215,
"forks": 215,
"watchers": 908,
"watchers": 909,
"score": 0
},
{

4
2019/CVE-2019-0193.json
View file

@ -63,8 +63,8 @@
"pushed_at": "2020-07-08T06:51:47Z",
"stargazers_count": 45,
"watchers_count": 45,
"forks_count": 10,
"forks": 10,
"forks_count": 11,
"forks": 11,
"watchers": 45,
"score": 0
},

4
2019/CVE-2019-0708.json
View file

@ -1236,8 +1236,8 @@
"pushed_at": "2019-06-22T21:48:45Z",
"stargazers_count": 787,
"watchers_count": 787,
"forks_count": 193,
"forks": 193,
"forks_count": 194,
"forks": 194,
"watchers": 787,
"score": 0
},

8
2019/CVE-2019-17558.json
View file

@ -36,13 +36,13 @@
"description": "Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340",
"fork": false,
"created_at": "2020-04-01T09:33:35Z",
"updated_at": "2021-02-01T01:37:13Z",
"updated_at": "2021-02-01T14:48:46Z",
"pushed_at": "2020-11-07T05:55:00Z",
"stargazers_count": 2311,
"watchers_count": 2311,
"stargazers_count": 2313,
"watchers_count": 2313,
"forks_count": 647,
"forks": 647,
"watchers": 2311,
"watchers": 2313,
"score": 0
},
{

8
2019/CVE-2019-2618.json
View file

@ -151,13 +151,13 @@
"description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14882、CVE-2020-14883",
"fork": false,
"created_at": "2020-01-15T04:26:29Z",
"updated_at": "2021-02-01T09:04:37Z",
"updated_at": "2021-02-01T10:34:10Z",
"pushed_at": "2020-11-27T15:10:58Z",
"stargazers_count": 908,
"watchers_count": 908,
"stargazers_count": 909,
"watchers_count": 909,
"forks_count": 215,
"forks": 215,
"watchers": 908,
"watchers": 909,
"score": 0
}
]

23
2019/CVE-2019-5736.json
View file

@ -22,29 +22,6 @@
"watchers": 181,
"score": 0
},
{
"id": 170445833,
"name": "CVE-2019-5736-PoC",
"full_name": "Frichetten\/CVE-2019-5736-PoC",
"owner": {
"login": "Frichetten",
"id": 10386884,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/10386884?v=4",
"html_url": "https:\/\/github.com\/Frichetten"
},
"html_url": "https:\/\/github.com\/Frichetten\/CVE-2019-5736-PoC",
"description": "PoC for CVE-2019-5736",
"fork": false,
"created_at": "2019-02-13T05:26:32Z",
"updated_at": "2021-01-28T14:24:14Z",
"pushed_at": "2019-02-19T11:45:13Z",
"stargazers_count": 456,
"watchers_count": 456,
"forks_count": 113,
"forks": 113,
"watchers": 456,
"score": 0
},
{
"id": 171499608,
"name": "poc-cve-2019-5736",

4
2019/CVE-2019-7482.json
View file

@ -59,8 +59,8 @@
"description": null,
"fork": false,
"created_at": "2021-01-30T09:50:47Z",
"updated_at": "2021-02-01T07:00:33Z",
"pushed_at": "2021-02-01T07:00:31Z",
"updated_at": "2021-02-01T14:42:40Z",
"pushed_at": "2021-02-01T14:42:37Z",
"stargazers_count": 1,
"watchers_count": 1,
"forks_count": 1,

25
2019/CVE-2019-8943.json Normal file
View file

@ -0,0 +1,25 @@
[
{
"id": 334947839,
"name": "CVE-2019-8943",
"full_name": "v0lck3r\/CVE-2019-8943",
"owner": {
"login": "v0lck3r",
"id": 61425261,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/61425261?v=4",
"html_url": "https:\/\/github.com\/v0lck3r"
},
"html_url": "https:\/\/github.com\/v0lck3r\/CVE-2019-8943",
"description": "Exploit of CVE-2019-8942 and CVE-2019-8943 ",
"fork": false,
"created_at": "2021-02-01T12:47:28Z",
"updated_at": "2021-02-01T12:53:58Z",
"pushed_at": "2021-02-01T12:53:56Z",
"stargazers_count": 0,
"watchers_count": 0,
"forks_count": 0,
"forks": 0,
"watchers": 0,
"score": 0
}
]

8
2020/CVE-2020-14756.json
View file

@ -13,13 +13,13 @@
"description": "WebLogic T3\/IIOP RCE ExternalizableHelper.class of coherence.jar",
"fork": false,
"created_at": "2021-01-27T01:24:52Z",
"updated_at": "2021-01-30T10:54:38Z",
"updated_at": "2021-02-01T09:35:49Z",
"pushed_at": "2021-01-27T01:40:56Z",
"stargazers_count": 46,
"watchers_count": 46,
"stargazers_count": 47,
"watchers_count": 47,
"forks_count": 6,
"forks": 6,
"watchers": 46,
"watchers": 47,
"score": 0
}
]

31
2020/CVE-2020-14882.json
View file

@ -13,36 +13,13 @@
"description": "Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340",
"fork": false,
"created_at": "2020-04-01T09:33:35Z",
"updated_at": "2021-02-01T01:37:13Z",
"updated_at": "2021-02-01T14:48:46Z",
"pushed_at": "2020-11-07T05:55:00Z",
"stargazers_count": 2311,
"watchers_count": 2311,
"stargazers_count": 2313,
"watchers_count": 2313,
"forks_count": 647,
"forks": 647,
"watchers": 2311,
"score": 0
},
{
"id": 302553989,
"name": "vulmap",
"full_name": "zhzyker\/vulmap",
"owner": {
"login": "zhzyker",
"id": 32918050,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/32918050?v=4",
"html_url": "https:\/\/github.com\/zhzyker"
},
"html_url": "https:\/\/github.com\/zhzyker\/vulmap",
"description": "Vulmap - Web vulnerability scanning and verification tools支持扫描 activemq, flink, shiro, solr, struts2, tomcat, unomi, drupal, elasticsearch, nexus, weblogic, jboss, thinkphp并且具备漏洞利用功能。CVE-2020-14882, CVE-2020-2555, CVE-2020-2883, S2-061, CVE-2020-13942, CVE-2020-17530, CVE-2020-17518, CVE-2020-17519",
"fork": false,
"created_at": "2020-10-09T06:34:36Z",
"updated_at": "2021-02-01T09:12:02Z",
"pushed_at": "2021-02-01T09:12:00Z",
"stargazers_count": 851,
"watchers_count": 851,
"forks_count": 155,
"forks": 155,
"watchers": 851,
"watchers": 2313,
"score": 0
},
{

8
2020/CVE-2020-2551.json
View file

@ -13,13 +13,13 @@
"description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14882、CVE-2020-14883",
"fork": false,
"created_at": "2020-01-15T04:26:29Z",
"updated_at": "2021-02-01T09:04:37Z",
"updated_at": "2021-02-01T10:34:10Z",
"pushed_at": "2020-11-27T15:10:58Z",
"stargazers_count": 908,
"watchers_count": 908,
"stargazers_count": 909,
"watchers_count": 909,
"forks_count": 215,
"forks": 215,
"watchers": 908,
"watchers": 909,
"score": 0
},
{

8
2020/CVE-2020-3452.json
View file

@ -59,13 +59,13 @@
"description": "CVE-2020-3452 Cisco ASA Scanner -unauth Path Traversal Check",
"fork": false,
"created_at": "2020-07-24T15:04:45Z",
"updated_at": "2021-01-08T14:50:38Z",
"updated_at": "2021-02-01T10:10:11Z",
"pushed_at": "2020-08-30T21:34:41Z",
"stargazers_count": 16,
"watchers_count": 16,
"stargazers_count": 17,
"watchers_count": 17,
"forks_count": 5,
"forks": 5,
"watchers": 16,
"watchers": 17,
"score": 0
},
{

8
2020/CVE-2020-6287.json
View file

@ -36,13 +36,13 @@
"description": "PoC for CVE-2020-6287 The PoC in python for add user only, no administrator permission set. Inspired by @zeroSteiner from metasploit. Original Metasploit PR module: https:\/\/github.com\/rapid7\/metasploit-framework\/pull\/13852\/commits\/d1e2c75b3eafa7f62a6aba9fbe6220c8da97baa8 This PoC only create user with unauthentication permission and no more administrator permission set. This project is created only for educational purposes and cannot be used for law violation or personal gain. The author of this project is not responsible for any possible harm caused by the materials of this project. Original finding: CVE-2020-6287: Pablo Artuso CVE-2020-6286: Yvan 'iggy' G. Usage: python sap-CVE-2020-6287-add-user.py <HTTP(s):\/\/IP:Port",
"fork": false,
"created_at": "2020-07-20T18:45:53Z",
"updated_at": "2021-01-30T10:32:19Z",
"updated_at": "2021-02-01T10:59:52Z",
"pushed_at": "2020-07-21T18:50:07Z",
"stargazers_count": 73,
"watchers_count": 73,
"stargazers_count": 74,
"watchers_count": 74,
"forks_count": 21,
"forks": 21,
"watchers": 73,
"watchers": 74,
"score": 0
},
{

23
2020/CVE-2020-7247.json
View file

@ -67,5 +67,28 @@
"forks": 0,
"watchers": 2,
"score": 0
},
{
"id": 334951447,
"name": "CVE-2020-7247",
"full_name": "jopraveen\/CVE-2020-7247",
"owner": {
"login": "jopraveen",
"id": 56404692,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/56404692?v=4",
"html_url": "https:\/\/github.com\/jopraveen"
},
"html_url": "https:\/\/github.com\/jopraveen\/CVE-2020-7247",
"description": "This vulnerability exists in OpenBSDs mail server OpenSMTPDs “smtp_mailaddr()” function, and affects OpenBSD version 6.6. This allows an attacker to execute arbitrary shell commands like “sleep 66” as root user",
"fork": false,
"created_at": "2021-02-01T13:01:21Z",
"updated_at": "2021-02-01T13:20:48Z",
"pushed_at": "2021-02-01T13:20:06Z",
"stargazers_count": 1,
"watchers_count": 1,
"forks_count": 0,
"forks": 0,
"watchers": 1,
"score": 0
}
]

8
2021/CVE-2021-3129.json
View file

@ -36,13 +36,13 @@
"description": "Laravel debug rce",
"fork": false,
"created_at": "2021-01-22T05:12:21Z",
"updated_at": "2021-01-30T05:29:51Z",
"updated_at": "2021-02-01T10:38:02Z",
"pushed_at": "2021-01-24T05:28:07Z",
"stargazers_count": 52,
"watchers_count": 52,
"stargazers_count": 53,
"watchers_count": 53,
"forks_count": 17,
"forks": 17,
"watchers": 52,
"watchers": 53,
"score": 0
},
{

59
2021/CVE-2021-3156.json
View file

@ -59,13 +59,13 @@
"description": "CVE-2021-3156",
"fork": false,
"created_at": "2021-01-27T16:03:34Z",
"updated_at": "2021-02-01T08:43:24Z",
"updated_at": "2021-02-01T11:24:20Z",
"pushed_at": "2021-01-31T04:56:56Z",
"stargazers_count": 83,
"watchers_count": 83,
"stargazers_count": 84,
"watchers_count": 84,
"forks_count": 42,
"forks": 42,
"watchers": 83,
"watchers": 84,
"score": 0
},
{
@ -335,13 +335,13 @@
"description": "PoC for CVE-2021-3156 (sudo heap overflow)",
"fork": false,
"created_at": "2021-01-30T03:22:04Z",
"updated_at": "2021-02-01T09:07:48Z",
"updated_at": "2021-02-01T14:42:06Z",
"pushed_at": "2021-01-30T04:30:24Z",
"stargazers_count": 206,
"watchers_count": 206,
"forks_count": 54,
"forks": 54,
"watchers": 206,
"stargazers_count": 218,
"watchers_count": 218,
"forks_count": 58,
"forks": 58,
"watchers": 218,
"score": 0
},
{
@ -381,13 +381,13 @@
"description": null,
"fork": false,
"created_at": "2021-01-30T20:39:58Z",
"updated_at": "2021-02-01T09:10:19Z",
"updated_at": "2021-02-01T15:11:15Z",
"pushed_at": "2021-02-01T09:10:16Z",
"stargazers_count": 191,
"watchers_count": 191,
"forks_count": 61,
"forks": 61,
"watchers": 191,
"stargazers_count": 223,
"watchers_count": 223,
"forks_count": 70,
"forks": 70,
"watchers": 223,
"score": 0
},
{
@ -477,8 +477,8 @@
"pushed_at": "2021-01-31T23:03:51Z",
"stargazers_count": 2,
"watchers_count": 2,
"forks_count": 0,
"forks": 0,
"forks_count": 1,
"forks": 1,
"watchers": 2,
"score": 0
},
@ -504,5 +504,28 @@
"forks": 0,
"watchers": 0,
"score": 0
},
{
"id": 334914030,
"name": "CVE-2021-3156-Patch",
"full_name": "Ashish-dawani\/CVE-2021-3156-Patch",
"owner": {
"login": "Ashish-dawani",
"id": 11299833,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/11299833?v=4",
"html_url": "https:\/\/github.com\/Ashish-dawani"
},
"html_url": "https:\/\/github.com\/Ashish-dawani\/CVE-2021-3156-Patch",
"description": "Patch Script for CVE-2021-3156 Heap Overflow",
"fork": false,
"created_at": "2021-02-01T10:35:03Z",
"updated_at": "2021-02-01T11:24:51Z",
"pushed_at": "2021-02-01T11:24:49Z",
"stargazers_count": 0,
"watchers_count": 0,
"forks_count": 0,
"forks": 0,
"watchers": 0,
"score": 0
}
]

12
README.md
View file

@ -84,6 +84,7 @@ Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalat
- [kal1gh0st/CVE-2021-3156](https://github.com/kal1gh0st/CVE-2021-3156)
- [apogiatzis/docker-CVE-2021-3156](https://github.com/apogiatzis/docker-CVE-2021-3156)
- [voidlsd/CVE-2021-3156](https://github.com/voidlsd/CVE-2021-3156)
- [Ashish-dawani/CVE-2021-3156-Patch](https://github.com/Ashish-dawani/CVE-2021-3156-Patch)
### CVE-2021-3164 (2021-01-21)
@ -1235,6 +1236,7 @@ smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and oth
- [FiroSolutions/cve-2020-7247-exploit](https://github.com/FiroSolutions/cve-2020-7247-exploit)
- [superzerosec/cve-2020-7247](https://github.com/superzerosec/cve-2020-7247)
- [r0lh/CVE-2020-7247](https://github.com/r0lh/CVE-2020-7247)
- [jopraveen/CVE-2020-7247](https://github.com/jopraveen/CVE-2020-7247)
### CVE-2020-7283 (2020-07-03)
@ -2611,7 +2613,6 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware
</code>
- [zhzyker/exphub](https://github.com/zhzyker/exphub)
- [zhzyker/vulmap](https://github.com/zhzyker/vulmap)
- [jas502n/CVE-2020-14882](https://github.com/jas502n/CVE-2020-14882)
- [s1kr10s/CVE-2020-14882](https://github.com/s1kr10s/CVE-2020-14882)
- [Umarovm/-Patched-McMaster-University-Blind-Command-Injection](https://github.com/Umarovm/-Patched-McMaster-University-Blind-Command-Injection)
@ -4787,7 +4788,6 @@ runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allow
</code>
- [q3k/cve-2019-5736-poc](https://github.com/q3k/cve-2019-5736-poc)
- [Frichetten/CVE-2019-5736-PoC](https://github.com/Frichetten/CVE-2019-5736-PoC)
- [b3d3c/poc-cve-2019-5736](https://github.com/b3d3c/poc-cve-2019-5736)
- [twistlock/RunC-CVE-2019-5736](https://github.com/twistlock/RunC-CVE-2019-5736)
- [yyqs2008/CVE-2019-5736-PoC-2](https://github.com/yyqs2008/CVE-2019-5736-PoC-2)
@ -5218,6 +5218,14 @@ WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because
- [brianwrf/WordPress_4.9.8_RCE_POC](https://github.com/brianwrf/WordPress_4.9.8_RCE_POC)
- [synacktiv/CVE-2019-8942](https://github.com/synacktiv/CVE-2019-8942)
### CVE-2019-8943 (2019-02-19)
<code>
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.
</code>
- [v0lck3r/CVE-2019-8943](https://github.com/v0lck3r/CVE-2019-8943)
### CVE-2019-8956 (2019-04-01)
<code>