exploitDog

CVE-2022-4395

Опубликовано: 30 янв. 2023

Источник: nvd

CVSS3: 9.8

EPSS Высокий

Описание

The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.

Ссылки

https://wpscan.com/vulnerability/80407ac4-8ce3-4df7-9c41-007b69045c40
Exploit
Third Party Advisory
https://packetstormsecurity.com/files/177934/WordPress-Membership-For-WooCommerce-Shell-Upload.html
https://wpscan.com/vulnerability/80407ac4-8ce3-4df7-9c41-007b69045c40
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/51959

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpswings:membership_for_woocommerce:*:*:*:*:*:wordpress:*:*

Версия до 2.1.7 (исключая)

EPSS

Процентиль: 99%

0.75211

Высокий

9.8 Critical

CVSS3

Дефекты

Связанные уязвимости

GHSA-v7vm-v25x-84fh

CVSS3: 9.8

github

около 3 лет назад

The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.

EPSS

Процентиль: 99%

0.75211

Высокий

9.8 Critical

CVSS3

Дефекты