Описание
Unrestricted file upload vulnerability in includes/doajaxfileupload.php in the MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/temp.
Ссылки
- Vendor Advisory
- Exploit
- Exploit
- Exploit
- Vendor Advisory
- Exploit
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:a:tbelmans:mm_forms_community:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:tbelmans:mm_forms_community:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*
EPSS
Процентиль: 95%
0.21784
Средний
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
около 3 лет назад
Unrestricted file upload vulnerability in includes/doajaxfileupload.php in the MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/temp.
EPSS
Процентиль: 95%
0.21784
Средний
7.5 High
CVSS2
Дефекты
NVD-CWE-Other