exploitDog

CVE-2022-1008

Опубликовано: 11 апр. 2022

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed

Ссылки

https://plugins.trac.wordpress.org/changeset/2695999
Patch
Third Party Advisory
https://wpscan.com/vulnerability/0c2e2b4d-49eb-4fd9-b9f0-3feae80c1082
Exploit
Patch
Third Party Advisory
https://plugins.trac.wordpress.org/changeset/2695999
Patch
Third Party Advisory
https://wpscan.com/vulnerability/0c2e2b4d-49eb-4fd9-b9f0-3feae80c1082
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ocdi:one_click_demo_import:*:*:*:*:*:wordpress:*:*

Версия до 3.1.0 (исключая)

EPSS

Процентиль: 79%

0.01214

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-qqj4-453q-5665

CVSS3: 7.2

github

почти 4 года назад

The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed

EPSS

Процентиль: 79%

0.01214

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434