Описание
The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server.
Ссылки
- Product
- Product
- Third Party Advisory
- Product
- Product
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.9.7 (исключая)
cpe:2.3:a:welcart:welcart_e-commerce:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 32%
0.00125
Низкий
4.1 Medium
CVSS3
2.7 Low
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 4.1
github
около 2 лет назад
The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server.
EPSS
Процентиль: 32%
0.00125
Низкий
4.1 Medium
CVSS3
2.7 Low
CVSS3
Дефекты
CWE-22