
exploitDog


CVE-2023-5241

Published: 19 Oct 2023
Source: nvd
CVSS3: 9.6
CVSS3: 8.1
EPSS: Low

Description

The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level attackers to append "<?php" to any existing file on the server resulting in potential DoS when appended to critical files such as wp-config.php.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:quantumcloud:wpbot:*:*:*:*:*:wordpress:*:*
Versions before 4.9.1 (exclusive)
cpe:2.3:a:quantumcloud:wpbot:4.9.2:*:*:*:*:wordpress:*:*

EPSS

Percentile: 85%
0.02449
Low

9.6 Critical

CVSS3

8.1 High

CVSS3

Weaknesses

CWE-22

Related vulnerabilities

CVSS3: 9.6
github
more than 2 years ago

The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level attackers to append "<?php" to any existing file on the server resulting in potential DoS when appended to critical files such as wp-config.php.
