exploitDog

CVE-2022-4328

Опубликовано: 06 мар. 2023

Источник: nvd

CVSS3: 9.8

EPSS Высокий

Описание

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server

Ссылки

https://wpscan.com/vulnerability/4dc72cd2-81d7-4a66-86bd-c9cfaf690eed
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/4dc72cd2-81d7-4a66-86bd-c9cfaf690eed
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:najeebmedia:woocommerce_checkout_field_manager:*:*:*:*:*:wordpress:*:*

Версия до 18.0 (исключая)

EPSS

Процентиль: 99%

0.80251

Высокий

9.8 Critical

CVSS3

Дефекты

Связанные уязвимости

GHSA-mqr5-jg85-4hvx

CVSS3: 9.8

github

почти 3 года назад

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server

EPSS

Процентиль: 99%

0.80251

Высокий

9.8 Critical

CVSS3

Дефекты