WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.
References
Configurations
Information
Published : 2016-08-07 09:59
Updated : 2017-11-03 18:29
NVD link : CVE-2016-4029
Mitre link : CVE-2016-4029
JSON object : View
CWE
CWE-285
Improper Authorization
Products Affected
wordpress
- wordpress