9.8
CVE-2022-1952
- EPSS 85.9%
- Veröffentlicht 11.07.2022 13:15:09
- Zuletzt bearbeitet 23.01.2026 19:32:27
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginFree Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC <= 1.1.15 - Arbitrary File Upload
The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validation steps.
Mögliche Gegenmaßnahme
eaSYNC Booking – Hotels, Restaurants & Car Rentals: Update to version 1.1.16, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
eaSYNC Booking – Hotels, Restaurants & Car Rentals
Version
*-1.1.15
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Syntacticsinc ≫ Easync SwPlatformwordpress Version < 1.1.16
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 85.9% | 0.994 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.