exploitDog

GHSA-fr4x-3m2g-jm28

Опубликовано: 13 сент. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 8.1

Описание

The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary files such as PHP on the server

The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary files such as PHP on the server

Ссылки

EPSS

Процентиль: 42%

0.00197

Низкий

8.1 High

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2024-7863

CVSS3: 6.8

nvd

больше 1 года назад

The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary files such as PHP on the server

EPSS

Процентиль: 42%

0.00197

Низкий

8.1 High

CVSS3

CVE ID

Дефекты

CWE-352