exploitDog

GHSA-jgrp-j9c7-qv87

Published: 04 Jul 2023
Source: github
GitHub: Not reviewed
CVSS3: 8.8

Description

The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function(s), allowing any authenticated user, such as a subscriber, to perform LFI attacks.

EPSS

Percentile: 93%
0.10801
Medium

8.8 High

CVSS3

Weaknesses

CWE-22

Related vulnerabilities

CVSS3: 8.8
nvd
more than 2 years ago

The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function(s), allowing any authenticated user, such as a subscriber, to perform LFI attacks.

CVSS3: 8.8
fstec
more than 2 years ago

Vulnerability in the ND Shortcodes plugin for the WordPress content management system that allows an attacker to perform LFI attacks
