CVE-2019-15866

Опубликовано: 03 сент. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider.

Ссылки

https://blog.nintechnet.com/arbitrary-file-upload-vulnerability-in-wordpress-crelly-slider-plugin/
Exploit
Third Party Advisory
https://wordpress.org/plugins/crelly-slider/#developers
Release Notes
Vendor Advisory
https://blog.nintechnet.com/arbitrary-file-upload-vulnerability-in-wordpress-crelly-slider-plugin/
Exploit
Third Party Advisory
https://wordpress.org/plugins/crelly-slider/#developers
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:crelly_slider_project:crelly_slider:*:*:*:*:*:wordpress:*:*

Версия до 1.3.5 (исключая)

EPSS

Процентиль: 64%

0.00462

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-72fx-896j-273r