exploitDog

CVE-2023-5601

Опубликовано: 06 нояб. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE.

Ссылки

https://wpscan.com/vulnerability/0035ec5e-d405-4eb7-8fe4-29dd0c71e4bc
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/0035ec5e-d405-4eb7-8fe4-29dd0c71e4bc
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:atomicwebstrategy:woocommerce_ninja_forms_product_add-ons:*:*:*:*:*:wordpress:*:*

Версия до 1.7.1 (исключая)

EPSS

Процентиль: 74%

0.00806

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-h8jx-25pr-hgm3

CVSS3: 9.8

github

больше 2 лет назад

The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE.

EPSS

Процентиль: 74%

0.00806

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434