9.8
CVE-2011-10004
- EPSS 0.6%
- Veröffentlicht 17.10.2023 00:15:10
- Zuletzt bearbeitet 21.11.2024 01:25:17
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
Loginreciply Plugin uploadImage.php unrestricted upload
Recip.ly <= 1.1.7 - Unauthenticated Arbitrary File Upload in uploadImage.php
A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. It has been rated as critical. This issue affects some unknown processing of the file uploadImage.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The identifier of the patch is e3ff616dc08d3aadff9253f1085e13f677d0c676. It is recommended to upgrade the affected component. The identifier VDB-242189 was assigned to this vulnerability.
Mögliche Gegenmaßnahme
Recip.ly Plugin: Update to version 1.1.8, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Reciply Project ≫ Reciply SwPlatformwordpress Version < 1.1.8
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Recip.ly Plugin
Version
*-1.1.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.6% | 0.439 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| cna@vuldb.com | 6.3 | 2.8 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
| cna@vuldb.com | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://github.com/wp-plugins/reciply/commit/e3ff616dc08d3aadff9253f1085e13f677d0c676
https://vuldb.com/?ctiid.242189
https://vuldb.com/?id.242189
https://www.wordfence.com/threat-intel/vulnerabilities/id/068da172-629d-422a-bcd5-1b73af2a5933