8.8
CVE-2022-1103
- EPSS 14.28%
- Veröffentlicht 16.05.2022 15:15:08
- Zuletzt bearbeitet 21.11.2024 06:40:02
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginAdvanced Uploader <= 4.2 - Subscriber+ Arbitrary File Upload
Advanced uploader <= 4.2 - Authenticated (Subscriber+) Arbitrary File Upload
The Advanced Uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE
Mögliche Gegenmaßnahme
Advanced uploader: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Advanced Uploader Project ≫ Advanced Uploader SwPlatformwordpress Version <= 4.2
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Advanced uploader
Version
*-4.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 14.28% | 0.961 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://wpscan.com/vulnerability/9ddeef95-7c7f-4296-a55b-fd3304c91c18
https://www.wordfence.com/threat-intel/vulnerabilities/id/4137b8a6-532a-42fb-aa16-7d1de0e2f11f