Description
Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in html/images.
References
- Exploit
- Vendor Advisory
- Exploit
- Exploit
- Exploit
- Vendor Advisory
- Exploit
- Exploit
Vulnerable configurations
Configuration 1: versions up to and including 2.2.13.1
All of the following:
cpe:2.3:a:wordpress:fcchat_widget:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*
EPSS
Percentile: 93%
0.11619
Medium
6.8 Medium
CVSS2
Weaknesses
CWE-264
Related vulnerabilities
github
about 3 years ago
Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in html/images.
EPSS
Percentile: 93%
0.11619
Medium
6.8 Medium
CVSS2
Weaknesses
CWE-264