exploitDog

GHSA-v7vm-v25x-84fh

Опубликовано: 30 янв. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.

The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.

Ссылки

EPSS

Процентиль: 99%

0.7549

Высокий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-434

Связанные уязвимости

CVE-2022-4395

CVSS3: 9.8

nvd

около 3 лет назад

The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.

EPSS

Процентиль: 99%

0.7549

Высокий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-434