CVE-2022-1103

Опубликовано: 16 мая 2022

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Средний

Описание

The Advanced Uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE

Ссылки

https://wpscan.com/vulnerability/9ddeef95-7c7f-4296-a55b-fd3304c91c18
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/9ddeef95-7c7f-4296-a55b-fd3304c91c18
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:advanced_uploader_project:advanced_uploader:*:*:*:*:*:wordpress:*:*

Версия до 4.2 (включая)

EPSS

Процентиль: 95%

0.1664

Средний

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-9g2p-9983-m65g