CVE-2021-38360

Опубликовано: 10 сент. 2021

Источник: nvd

CVSS3: 8.3

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0.

Ссылки

https://plugins.trac.wordpress.org/browser/wp-publications/trunk/bibtexbrowser.php?rev=1830330#L49
Third Party Advisory
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38360
Third Party Advisory
https://plugins.trac.wordpress.org/browser/wp-publications/trunk/bibtexbrowser.php?rev=1830330#L49
Third Party Advisory
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38360
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wp-publications_project:wp-publications:-:*:*:*:*:wordpress:*:*

EPSS

Процентиль: 89%

0.04628

Низкий

8.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-22

CWE-829

Связанные уязвимости

GHSA-m98h-48v7-g4f9

github

больше 3 лет назад

EPSS

Процентиль: 89%

0.04628

Низкий

8.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-22

CWE-829