CVE-2022-1091

Опубликовано: 18 апр. 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent (mainly XSS, but depending on further use of uploaded SVG files potentially other XML attacks).

Ссылки

https://github.com/10up/safe-svg/pull/28
Patch
Third Party Advisory
https://wpscan.com/vulnerability/4d12533e-bdb7-411f-bcdf-4c5046db13f3
Exploit
Third Party Advisory
https://github.com/10up/safe-svg/pull/28
Patch
Third Party Advisory
https://wpscan.com/vulnerability/4d12533e-bdb7-411f-bcdf-4c5046db13f3
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:10up:safe_svg:*:*:*:*:*:wordpress:*:*

Версия до 1.9.10 (исключая)

EPSS

Процентиль: 64%

0.00468

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-5h7w-hmxc-99g5