Description
The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
References
- https://nvd.nist.gov/vuln/detail/CVE-2020-35489
- https://contactform7.com/2020/12/17/contact-form-7-532
- https://wordpress.org/plugins/contact-form-7/#developers
- https://wpscan.com/vulnerability/10508
- https://www.getastra.com/blog/911/plugin-exploit/contact-form-7-unrestricted-file-upload
- https://www.jinsonvarghese.com/unrestricted-file-upload-in-contact-form-7
Related vulnerabilities
CVSS3: 10
nvd
about 5 years ago
The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
CVSS3: 10
fstec
about 5 years ago
A vulnerability in the Contact Form 7 plugin for the WordPress content management system that allows an attacker to upload files of arbitrary type and execute arbitrary code