exploitDog

GHSA-h8jx-25pr-hgm3

Опубликовано: 06 нояб. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE.

The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE.

Ссылки

EPSS

Процентиль: 74%

0.00806

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-434

Связанные уязвимости

CVE-2023-5601

CVSS3: 9.8

nvd

больше 2 лет назад

The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE.

EPSS

Процентиль: 74%

0.00806

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-434