Описание
The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.2.2 (исключая)
cpe:2.3:a:wpdevart:booking_calendar:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 99%
0.80897
Высокий
9.8 Critical
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 9.8
github
около 3 лет назад
The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE
EPSS
Процентиль: 99%
0.80897
Высокий
9.8 Critical
CVSS3