Описание
The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.6.9 (исключая)
cpe:2.3:a:soflyy:wp_all_import:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 75%
0.00887
Низкий
7.2 High
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 7.2
github
больше 3 лет назад
The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector.
EPSS
Процентиль: 75%
0.00887
Низкий
7.2 High
CVSS3
Дефекты
CWE-22