9.8
CVE-2020-36706
- EPSS 7.07%
- Veröffentlicht 20.10.2023 07:15:14
- Zuletzt bearbeitet 21.11.2024 05:30:07
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginSimple:Press – WordPress Forum Plugin <= 6.6.0 - Arbitrary File Upload
The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0. This makes it possible for attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
Mögliche Gegenmaßnahme
Simple:Press Forum: Update to version 6.6.1, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Simple:Press Forum
Version
[*, 6.6.1)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Simple-press ≫ Simple:press SwPlatformwordpress Version < 6.6.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.07% | 0.911 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| security@wordfence.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.