exploitDog

CVE-2021-25119

Опубликовано: 16 мая 2022

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

The AGIL WordPress plugin through 1.0 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE

Ссылки

https://wpscan.com/vulnerability/47235989-d9f1-48a5-9799-fdef0889bf8a
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/47235989-d9f1-48a5-9799-fdef0889bf8a
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpsocket:automatic_grid_image_listing:*:*:*:*:*:wordpress:*:*

Версия до 1.0 (включая)

EPSS

Процентиль: 75%

0.00907

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-jj2q-3vcq-6pjc

CVSS3: 7.2

github

больше 3 лет назад

The AGIL WordPress plugin through 1.0 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE

EPSS

Процентиль: 75%

0.00907

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434