CVE-2019-10271

{"id": "CVE-2019-10271", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2019-06-24T19:15:10.553", "references": [{"url": "https://cxsecurity.com/issue/WLB-2019060120", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://cxsecurity.com/issue/WLB-2019060120", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the profiles and cover pictures of privileged users. To perform such a modification, one first needs to (for example) intercept an upload-picture request and modify the user_id parameter."}, {"lang": "es", "value": "Se detect\u00f3 un problema en el plugin Ultimate Member versi\u00f3n 2.39 para WordPress. Este permite la modificaci\u00f3n no autorizada del perfil y foto de portada. Es posible modificar el perfil y la imagen de portada de cualquier usuario una vez que est\u00e9 conectado. Tambi\u00e9n se puede modificar los perfiles y las im\u00e1genes de portada de usuarios privilegiados. Para realizar dicha modificaci\u00f3n, primero necesita (por ejemplo) interceptar una petici\u00f3n de carga de imagen y modificar el par\u00e1metro user_id."}], "lastModified": "2024-11-21T04:18:47.330", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ultimatemember:ultimate_member:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "A0451A41-7BA3-42DA-A431-52551BC7C4EE", "versionEndExcluding": "2.0.40"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}