Vulnerabilities > CVE-2020-28037 - Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
wordpress
fedoraproject
debian
CWE-754
critical

Summary

is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation).

Vulnerable Configurations

Part Description Count
Application
Wordpress
942
OS
Fedoraproject
3
OS
Debian
1