7.5
CVE-2013-0724
- EPSS 0.69%
- Veröffentlicht 27.05.2014 14:55:03
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle PSIRT-CNA@flexerasoftware.com
- Teams Watchlist Login
- Unerledigt Login
PHP remote file inclusion vulnerability in includes/generate-pdf.php in the WP ecommerce Shop Styling plugin for WordPress before 1.8 allows remote attackers to execute arbitrary PHP code via a URL in the dompdf parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wpshopstyling ≫ Wp-ecommerce-shop-styling SwPlatformwordpress Version <= 1.7
Wpshopstyling ≫ Wp-ecommerce-shop-styling Version1.0 SwPlatformwordpress
Wpshopstyling ≫ Wp-ecommerce-shop-styling Version1.2 SwPlatformwordpress
Wpshopstyling ≫ Wp-ecommerce-shop-styling Version1.3 SwPlatformwordpress
Wpshopstyling ≫ Wp-ecommerce-shop-styling Version1.4 SwPlatformwordpress
Wpshopstyling ≫ Wp-ecommerce-shop-styling Version1.5 SwPlatformwordpress
Wpshopstyling ≫ Wp-ecommerce-shop-styling Version1.6 SwPlatformwordpress
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.69% | 0.695 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.