Vulnerabilities > CVE-2020-28037 - Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation).
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://github.com/WordPress/wordpress-develop/commit/2ca15d1e5ce70493c5c0c096ca0c76503d6da07c
- https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
- https://wpscan.com/vulnerability/10450
- https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html
- https://www.debian.org/security/2020/dsa-4784
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3/