Webtoffee 1.3.0 on WordPress WF_CustomerImpExpCsv_Exporter CSV File privilege escalation – Digitalmunition




Exploit/Advisories Cybersecurity study of the dark web exposes vulnerability to machine identities -- ScienceDaily

Published on August 25th, 2019 📆 | 5666 Views ⚑

0

Webtoffee 1.3.0 on WordPress WF_CustomerImpExpCsv_Exporter CSV File privilege escalation

CVSS Meta Temp ScoreCurrent Exploit Price (≈)
5.5$0-$5k

A vulnerability, which was classified as critical, has been found in Webtoffee WordPress Users & WooCommerce Customers Import Export Plugin 1.3.0 on WordPress (E-Commerce Management Software). This issue affects the function WF_CustomerImpExpCsv_Exporter. The manipulation as part of a CSV File leads to a privilege escalation vulnerability (CSV Injection). Using CWE to declare the problem leads to CWE-269. Impacted is confidentiality, integrity, and availability.

The weakness was disclosed 08/23/2019. The identification of this vulnerability is CVE-2019-15092 since 08/15/2019. Technical details are known, but no exploit is available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 08/24/2019).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Type

Vendor

Name

VulDB Meta Base Score: 5.5
VulDB Meta Temp Score: 5.5

VulDB Base Score: ≈5.5
VulDB Temp Score: ≈5.5
VulDB Vector: 🔒
VulDB Reliability: 🔍

VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Class: Privilege escalation / CSV Injection (CWE-269)
Local: Yes
Remote: No

Availability: 🔒
Status: Not defined

Price Prediction: 🔍
Current Price Estimation: 🔒

Threat Intelligenceinfoedit

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Remediation: 🔍Recommended: no mitigation known

0-Day Time: 🔒

08/15/2019 CVE assigned
08/23/2019 +8 days Advisory disclosed
08/24/2019 +1 days VulDB entry created
08/24/2019 +0 days VulDB last update
CVE: CVE-2019-15092 (🔒)Created: 08/24/2019 10:56 AM
Complete: 🔍

Upgrade your account now!

https://vuldb.com/?id.140717

Tagged with:



Leave a Reply