exploitDog

CVE-2025-10406

Published: 15 Oct 2025
Source: nvd
CVSS3: 5.5
EPSS: Low

Description

The BlindMatrix e-Commerce WordPress plugin before 3.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users, such as contributors, to perform LFI attacks.

EPSS

Percentile: 19%
0.00061
Low

5.5 Medium

CVSS3

Weaknesses

CWE-22

Related vulnerabilities

CVSS3: 5.5
github
4 months ago

The BlindMatrix e-Commerce WordPress plugin before 3.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users, such as contributors, to perform LFI attacks.
