exploitDog

CVE-2024-5807

Опубликовано: 30 июл. 2024

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations.

Ссылки

https://wpscan.com/vulnerability/badb16b5-8c06-4170-b605-ea7af8982c1f/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/badb16b5-8c06-4170-b605-ea7af8982c1f/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:esterox:business_card:1.0.0:*:*:*:*:wordpress:*:*

EPSS

Процентиль: 71%

0.00674

Низкий

7.2 High

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-42w6-9898-chc9

CVSS3: 7.2

github

больше 1 года назад

The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations.

EPSS

Процентиль: 71%

0.00674

Низкий

7.2 High

CVSS3

Дефекты

NVD-CWE-noinfo