exploitDog

CVE-2024-5080

Опубликовано: 13 июл. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server

Ссылки

https://wpscan.com/vulnerability/15f78aad-001c-4219-aa7e-46537e1357a2/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/15f78aad-001c-4219-aa7e-46537e1357a2/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tipsandtricks-hq:wp_emember:*:*:*:*:*:wordpress:*:*

Версия до 10.6.6 (исключая)

EPSS

Процентиль: 75%

0.00889

Низкий

8.8 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-j46j-mv29-6g5r

CVSS3: 8.8

github

больше 1 года назад

The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server

EPSS

Процентиль: 75%

0.00889

Низкий

8.8 High

CVSS3

Дефекты

CWE-434