4.9
CVE-2024-3112
- EPSS 0.41%
- Veröffentlicht 12.07.2024 06:15:03
- Zuletzt bearbeitet 21.11.2024 09:28:55
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginQuotes and Tips < 1.45 - Admin+ Arbitrary File Upload
Quotes and Tips by BestWebSoft <= 1.44 - Authenticated (Admin+) Arbitrary File Upload
The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate image files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
Mögliche Gegenmaßnahme
Quotes and Tips by BestWebSoft: Update to version 1.45, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bestwebsoft ≫ Quotes And Tips SwPlatformwordpress Version < 1.45
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Quotes and Tips by BestWebSoft
Version
*-1.44
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.329 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.8 | 1.7 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://wpscan.com/vulnerability/fa6f01d6-aa3b-4452-9c5f-49bb227fea9d/
https://www.wordfence.com/threat-intel/vulnerabilities/id/3b5f1a1e-8066-4f20-af36-a778e50a3f64