Описание
The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution.
The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-24370
- https://lists.openwall.net/full-disclosure/2020/11/17/2
- https://seclists.org/fulldisclosure/2020/Nov/30
- https://wpscan.com/vulnerability/82c52461-1fdc-41e4-9f51-f9dd84962b38
- https://www.secpod.com/blog/critical-zero-day-flaw-actively-exploited-in-wordpress-fancy-product-designer-plugin
- https://www.wordfence.com/blog/2021/06/critical-0-day-in-fancy-product-designer-under-active-attack
Связанные уязвимости
CVSS3: 9.8
nvd
больше 4 лет назад
The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution.