CVE-2020-24186

Опубликовано: 24 авг. 2020

Источник: nvd

CVSS3: 10

CVSS2: 7.5

EPSS Критический

Описание

A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.

Ссылки

http://packetstormsecurity.com/files/162983/WordPress-wpDiscuz-7.0.4-Shell-Upload.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/163012/WordPress-wpDiscuz-7.0.4-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/163302/WordPress-wpDiscuz-7.0.4-Shell-Upload.html
Exploit
Third Party Advisory
VDB Entry
https://www.wordfence.com/blog/2020/07/critical-arbitrary-file-upload-vulnerability-patched-in-wpdiscuz-plugin/
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/162983/WordPress-wpDiscuz-7.0.4-Shell-Upload.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/163012/WordPress-wpDiscuz-7.0.4-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/163302/WordPress-wpDiscuz-7.0.4-Shell-Upload.html
Exploit
Third Party Advisory
VDB Entry
https://www.wordfence.com/blog/2020/07/critical-arbitrary-file-upload-vulnerability-patched-in-wpdiscuz-plugin/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:*

Версия от 7.0 (включая) до 7.0.4 (включая)

EPSS

Процентиль: 100%

0.94213

Критический

10 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-c73j-6x9h-mrv2

github

больше 3 лет назад