CVE-2022-0888

Опубликовано: 23 мар. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code execution, in versions up to and including 3.3.0

Ссылки

https://gist.github.com/Xib3rR4dAr/5f0accbbfdee279c68ed144da9cd8607
Exploit
Patch
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/f00eeaef-f277-481f-9e18-bf1ced0015a0?source=cve
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0888
Third Party Advisory
https://gist.github.com/Xib3rR4dAr/5f0accbbfdee279c68ed144da9cd8607
Exploit
Patch
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/f00eeaef-f277-481f-9e18-bf1ced0015a0?source=cve
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0888
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ninjaforms:ninja_forms_file_uploads:*:*:*:*:*:wordpress:*:*

Версия до 3.3.0 (включая)

EPSS

Процентиль: 93%

0.09301

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-6g4g-f39p-q93f