exploitDog

CVE-2022-2180

Опубликовано: 15 авг. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The GREYD.SUITE WordPress theme does not properly validate uploaded custom font packages, and does not perform any authorization or csrf checks, allowing an unauthenticated attacker to upload arbitrary files including php source files, leading to possible remote code execution (RCE).

Ссылки

https://wpscan.com/vulnerability/c330f92b-1e21-414f-b316-d5e97cb62bd1
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/c330f92b-1e21-414f-b316-d5e97cb62bd1
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:greyd:greyd.suite:*:*:*:*:*:wordpress:*:*

Версия до 1.2.7 (исключая)

EPSS

Процентиль: 91%

0.07236

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-vx2x-wm5h-864r

CVSS3: 9.8

github

больше 3 лет назад

The GREYD.SUITE WordPress theme does not properly validate uploaded custom font packages, and does not perform any authorization or csrf checks, allowing an unauthenticated attacker to upload arbitrary files including php source files, leading to possible remote code execution (RCE).

EPSS

Процентиль: 91%

0.07236

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434