Описание
The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.7.2 (исключая)
cpe:2.3:a:seur_oficial_project:seur_oficial:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 70%
0.00639
Низкий
4.9 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-552
CWE-552
Связанные уязвимости
github
около 4 лет назад
The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page.
EPSS
Процентиль: 70%
0.00639
Низкий
4.9 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-552
CWE-552