exploitDog

GHSA-mqr5-jg85-4hvx

Опубликовано: 06 мар. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server

Ссылки

EPSS

Процентиль: 99%

0.80251

Высокий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-434

Связанные уязвимости

CVE-2022-4328

CVSS3: 9.8

nvd

почти 3 года назад

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server

EPSS

Процентиль: 99%

0.80251

Высокий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-434