Description
The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users (author and above) to upload arbitrary files such as PHP on the server
References
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to and including 1.0.3
cpe:2.3:a:axlethemes:axle_demo_importer:*:*:*:*:*:wordpress:*:*
EPSS
Percentile: 22%
0.00071
Low
8.8 High
CVSS3
Weaknesses
CWE-434
Related vulnerabilities
CVSS3: 8.8
github
8 months ago
The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users (author and above) to upload arbitrary files such as PHP on the server