What is CVE-2018-20463?

CVE-2018-20463 is a vulnerability in N/a. Published 2018-12-25.

Is CVE-2018-20463 known to be exploited?

9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-20463

An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. There is an arbitrary file read vulnerability via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. This can also be used for SSRF.

EPSS: 0.815 (99.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

Henry4E36/CVE-2018-20463
20142995/nuclei-templates
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
AlienTec1908/Smol_
Sammyzean45/smol.thm
doankhanh212/TryHackMe-Smol
oska45/Penetration-Testing-of-Multiple-Machines

References

www.cbiu.cc/2018/12/WordPress插件jsmol2wp漏洞/ (x_refsource_MISC)
wpvulndb.com/vulnerabilities/9197 (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-20463?: CVE-2018-20463 is a vulnerability in N/a. Published 2018-12-25.
Is CVE-2018-20463 known to be exploited?: 9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.