exploitDog

CVE-2022-3921

Опубликовано: 12 дек. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE

Ссылки

https://wpscan.com/vulnerability/e39b59b0-f24f-4de5-a21c-c4de34c3a14f
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/e39b59b0-f24f-4de5-a21c-c4de34c3a14f
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:themographics:listingo:*:*:*:*:*:wordpress:*:*

Версия до 3.2.7 (исключая)

EPSS

Процентиль: 92%

0.08911

Низкий

9.8 Critical

CVSS3

Дефекты

Связанные уязвимости

GHSA-frm5-37j3-v45h

CVSS3: 9.8

github

около 3 лет назад

The does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE

EPSS

Процентиль: 92%

0.08911

Низкий

9.8 Critical

CVSS3

Дефекты