Описание
The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE.
Ссылки
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0 (включая)
cpe:2.3:a:easy-form-builder-by-bitware_project:easy-form-builder-by-bitware:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 84%
0.02066
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-434
Связанные уязвимости
github
больше 3 лет назад
The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE.
EPSS
Процентиль: 84%
0.02066
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-434