9.8
CVE-2022-1952
- EPSS 17.57%
- Veröffentlicht 11.07.2022 13:15:09
- Zuletzt bearbeitet 23.01.2026 19:32:27
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LogineaSYNC < 1.1.16 - Unauthenticated Arbitrary File Upload
Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC <= 1.1.15 - Arbitrary File Upload
The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validation steps.
Mögliche Gegenmaßnahme
eaSYNC Booking – Hotels, Restaurants & Car Rentals: Update to version 1.1.16, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Syntacticsinc ≫ Easync SwPlatformwordpress Version < 1.1.16
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
eaSYNC Booking – Hotels, Restaurants & Car Rentals
Version
*-1.1.15
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 17.57% | 0.968 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://wpscan.com/vulnerability/ecf61d17-8b07-4cb6-93a8-64c2c4fbbe04
https://www.wordfence.com/threat-intel/vulnerabilities/id/0295711d-5da6-4e28-9151-b0ce762c7eb7