exploitDog

GHSA-w72r-ch4p-xqg3

Опубликовано: 16 окт. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE

The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE

Ссылки

EPSS

Процентиль: 99%

0.75729

Высокий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-434

Связанные уязвимости

CVE-2023-4666

CVSS3: 9.8

nvd

больше 2 лет назад

The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE

EPSS

Процентиль: 99%

0.75729

Высокий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-434