exploitDog

CVE-2022-1409

Опубликовано: 16 мая 2022

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code

Ссылки

https://wpscan.com/vulnerability/1330f8f7-4a59-4e9d-acae-21656a4101fe
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/1330f8f7-4a59-4e9d-acae-21656a4101fe
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vikwp:hotel_booking_engine_\&_pms:*:*:*:*:*:wordpress:*:*

Версия до 1.5.8 (исключая)

EPSS

Процентиль: 75%

0.00907

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-wjwh-xprm-35wv

CVSS3: 7.2

github

больше 3 лет назад

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code

EPSS

Процентиль: 75%

0.00907

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434