Description
The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type, allowing high-privilege users such as admin to upload an arbitrary file such as a PHP file, leading to RCE.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 3.6.8 (exclusive)
cpe:2.3:a:soflyy:wp_all_import:*:*:*:*:*:wordpress:*:*
EPSS: 0.00956 (percentile: 76%, Low)
CVSS3: 7.2 High
CVSS2: 6.5 Medium
Weaknesses
CWE-434
Related vulnerabilities
CVSS3: 7.2
github
more than 3 years ago
The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type, allowing high-privilege users such as admin to upload an arbitrary file such as a PHP file, leading to RCE.