exploitDog

GHSA-frm5-37j3-v45h

Опубликовано: 12 дек. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

The does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE

The does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE

Ссылки

EPSS

Процентиль: 92%

0.08911

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-434

Связанные уязвимости

CVE-2022-3921

CVSS3: 9.8

nvd

около 3 лет назад

The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE

EPSS

Процентиль: 92%

0.08911

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-434