GHSA-7v4v-c3pr-fgrq

Published: 12 Dec 2022
Source: github
Github: Not reviewed
CVSS3: 9.8

Description

The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP, and achieve RCE.

EPSS

Percentile: 99%
0.80897
High

9.8 Critical

CVSS3

Weaknesses

CWE-434

Related vulnerabilities

CVSS3: 9.8
nvd
about 3 years ago

The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP, and achieve RCE.

EPSS

Percentile: 99%
0.80897
High

9.8 Critical

CVSS3

Weaknesses

CWE-434