Описание
The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.2.1 (включая)
cpe:2.3:a:naziinfotech:ni_purchase_order\(po\)_for_woocommerce:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 68%
0.0056
Низкий
7.2 High
CVSS3
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 7.2
github
около 2 лет назад
The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell.
EPSS
Процентиль: 68%
0.0056
Низкий
7.2 High
CVSS3
Дефекты
CWE-434