Описание
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxUpload function in versions before 1.3.9.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
Ссылки
- ExploitThird Party Advisory
- Product
- Patch
- Product
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.3.9.6 (исключая)
cpe:2.3:a:eoxia:wpshop_2:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 98%
0.61667
Средний
9.8 Critical
CVSS3
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 9.8
github
7 месяцев назад
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxUpload function in versions before 1.3.9.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
EPSS
Процентиль: 98%
0.61667
Средний
9.8 Critical
CVSS3
Дефекты
CWE-434