4.3
CVE-2018-0587
- EPSS 0.16%
- Veröffentlicht 14.05.2018 13:29:02
- Zuletzt bearbeitet 21.11.2024 03:38:32
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
LoginUltimate Member <= 2.0.3 - Unauthorized Image File Upload
Ultimate Member < 2.0.4 - Authenticated Unrestricted File Upload
Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors.
Mögliche Gegenmaßnahme
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin: Update to version 2.0.4, or a newer patched version
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin: Update to version 2.0.4, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Version
* - 2.0.3
SystemWordPress Plugin
≫
Produkt
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Version
[*, 2.0.4)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ultimatemember ≫ User Profile & Membership SwPlatformwordpress Version < 2.0.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.333 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.