exploitDog

CVE-2023-4666

Опубликовано: 16 окт. 2023

Источник: nvd

CVSS3: 9.8

EPSS Высокий

Описание

The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE

Ссылки

https://wpscan.com/vulnerability/c6597e36-02d6-46b4-89db-52c160f418be
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/c6597e36-02d6-46b4-89db-52c160f418be
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:10web:form_maker:*:*:*:*:*:wordpress:*:*

Версия до 1.15.20 (исключая)

EPSS

Процентиль: 99%

0.75729

Высокий

9.8 Critical

CVSS3

Дефекты

Связанные уязвимости

GHSA-w72r-ch4p-xqg3

CVSS3: 9.8

github

больше 2 лет назад

The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE

EPSS

Процентиль: 99%

0.75729

Высокий

9.8 Critical

CVSS3

Дефекты