7.5
CVE-2013-0724
- EPSS 0.69%
- Veröffentlicht 27.05.2014 14:55:03
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle PSIRT-CNA@flexerasoftware.com
- CVE-Watchlists
- Unerledigt
LoginWP eCommerce Shop Styling < 1.8 - Remote File Inclusion
PHP remote file inclusion vulnerability in includes/generate-pdf.php in the WP ecommerce Shop Styling plugin for WordPress before 1.8 allows remote attackers to execute arbitrary PHP code via a URL in the dompdf parameter.
Mögliche Gegenmaßnahme
WP eCommerce Shop Styling: Update to version 1.8, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WP eCommerce Shop Styling
Version
[*, 1.8)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wpshopstyling ≫ Wp-ecommerce-shop-styling SwPlatformwordpress Version <= 1.7
Wpshopstyling ≫ Wp-ecommerce-shop-styling Version1.0 SwPlatformwordpress
Wpshopstyling ≫ Wp-ecommerce-shop-styling Version1.2 SwPlatformwordpress
Wpshopstyling ≫ Wp-ecommerce-shop-styling Version1.3 SwPlatformwordpress
Wpshopstyling ≫ Wp-ecommerce-shop-styling Version1.4 SwPlatformwordpress
Wpshopstyling ≫ Wp-ecommerce-shop-styling Version1.5 SwPlatformwordpress
Wpshopstyling ≫ Wp-ecommerce-shop-styling Version1.6 SwPlatformwordpress
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.69% | 0.695 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.