Описание
The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization (assuming they can upload a file on the server)
Уязвимые конфигурации
Конфигурация 1Версия до 2.1.3 (включая)
cpe:2.3:a:kiwiz_invoices_certification_\&_pdf_system_project:kiwiz_invoices_certification_\&_pdf_system:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 61%
0.00412
Низкий
7.5 High
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 7.5
github
больше 2 лет назад
The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization (assuming they can upload a file on the server)
EPSS
Процентиль: 61%
0.00412
Низкий
7.5 High
CVSS3