Описание
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Ссылки
- Product
- Patch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.6.6 (исключая)
cpe:2.3:a:artbees:jupiter_x_core:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 91%
0.06558
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 9.8
github
больше 1 года назад
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
EPSS
Процентиль: 91%
0.06558
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-434