exploitDog

CVE-2022-0499

Опубликовано: 28 мар. 2022

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones.

Ссылки

https://wpscan.com/vulnerability/e9ccf1fc-1dbf-4a41-bf4a-90af20b286d6
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/e9ccf1fc-1dbf-4a41-bf4a-90af20b286d6
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sermon_browser_project:sermon_browser:*:*:*:*:*:wordpress:*:*

Версия до 0.45.22 (включая)

EPSS

Процентиль: 32%

0.0012

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-j8w4-5x7j-f9rc

CVSS3: 8.8

github

почти 4 года назад

The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones.

EPSS

Процентиль: 32%

0.0012

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352