exploitDog

CVE-2023-1427

Опубликовано: 17 апр. 2023

Источник: nvd

CVSS3: 4.9

EPSS Низкий

Описание

The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector.

Ссылки

https://wpscan.com/vulnerability/c8917ba2-4cb3-4b09-8a49-b7c612254946
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/c8917ba2-4cb3-4b09-8a49-b7c612254946
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*

Версия до 1.8.15 (исключая)

EPSS

Процентиль: 33%

0.00134

Низкий

4.9 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-rwcv-wwxv-h77x

CVSS3: 4.9

github

почти 3 года назад

- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector.

EPSS

Процентиль: 33%

0.00134

Низкий

4.9 Medium

CVSS3

Дефекты