Описание
Unrestricted file upload vulnerability in image_processing.php in the e-Commerce Plugin 3.4 and earlier for Wordpress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/plugins/wp-shopping-cart/.
Уязвимые конфигурации
Конфигурация 1Версия до 3.4 (включая)
Одновременно
cpe:2.3:a:instinct:e-commerce_plugin:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
EPSS
Процентиль: 85%
0.02657
Низкий
6.8 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
около 3 лет назад
Unrestricted file upload vulnerability in image_processing.php in the e-Commerce Plugin 3.4 and earlier for Wordpress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/plugins/wp-shopping-cart/.
EPSS
Процентиль: 85%
0.02657
Низкий
6.8 Medium
CVSS2
Дефекты
NVD-CWE-Other