Description
The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via its file upload form field, allowing unauthenticated users to upload arbitrary file types such as PHP or HTML files to the server, leading to Remote Code Execution.
Vulnerable configurations
Configuration 1: Version before 1.9 (excluding)
cpe:2.3:a:bitapps:bit_form:*:*:*:*:*:wordpress:*:*
EPSS
Percentile: 90%
0.0526
Low
9.8 Critical
CVSS3
Defects
Related vulnerabilities
CVSS3: 9.8
github
more than 2 years ago
The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via its file upload form field, allowing unauthenticated users to upload arbitrary file types such as PHP or HTML files to the server, leading to Remote Code Execution.