Description
Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form.
References
- Release Notes, Third Party Advisory
- Release Notes, Vendor Advisory
- Release Notes, Third Party Advisory
- Release Notes, Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to and including 1.5.3
cpe:2.3:a:vikwp:vikbooking_hotel_booking_engine_\&_property_management_system_plugin:*:*:*:*:*:wordpress:*:*
EPSS: 0.01174 (Low), percentile: 78%
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-434
Related vulnerabilities
CVSS3: 9.8
github
almost 4 years ago
Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form.