CVE-2024-3112

Exploit

EPSS 0.19%
Veröffentlicht 12.07.2024 06:15:03
Zuletzt bearbeitet 21.11.2024 09:28:55
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Quotes and Tips by BestWebSoft <= 1.44 - Authenticated (Admin+) Arbitrary File Upload

The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate image files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)

Mögliche Gegenmaßnahme

Quotes and Tips by BestWebSoft: Update to version 1.45, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Quotes and Tips by BestWebSoft

Version *-1.44

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bestwebsoft ≫ Quotes And Tips SwPlatformwordpress Version < 1.45

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.411

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.8	1.7	2.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://wpscan.com/vulnerability/fa6f01d6-aa3b-4452-9c5f-49bb227fea9d/

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/3b5f1a1e-8066-4f20-af36-a778e50a3f64

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-3112

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-3112

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-3112

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-3112