| Title | Drag and Drop Multiple File Upload PRO 5.0.6.1 Path Traversal |
|---|---|
| Description | Path Traversal in Drag and Drop Multiple File Uploader PRO - Contact Form 7 version x.x.x.x allows an unauthenticated remote attacker to upload files anywhere writable on the remote server. To exploit this vulnerability, the attacker needs to upload a file using the plugin's form. This POST request must include the parameter upload_name, whose value is the name of the folder to which the file will be uploaded. The attacker can put anything he wants, such as ../, ../../../, foldername (it will create the folder "foldername" in the upload directory), etc. |
| Source | https://github.com/Nickguitar/Drag-and-Drop-Multiple-File-Uploader-PRO-Path-Traversal |
| User | Nickguitar (UID 41307) |
| Submission | 2023-02-18 01:24 PM (3 years ago) |
| Moderation | 2023-03-01 10:54 AM (11 days later) |
| Status | Accepted |
| VulDB entry | 222072 [Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress admin-ajax.php upload_name directory traversal] |
| Points | 20 |
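
A server-side check that would confine a client-supplied `upload_name` to the upload directory, as an added example; this is not the plugin's code or the vendor's fix. The function name `resolve_upload_dir`, the demo base directory and the choice to still allow a single-segment folder name are assumptions.

```php
<?php
// Added example: hypothetical helper, not code from the plugin.
// Resolves a client-supplied folder name (the upload_name parameter) to a
// directory that is guaranteed to sit directly under $baseDir.

function resolve_upload_dir(string $baseDir, string $uploadName): string
{
    // Allow-list: exactly one path segment of letters, digits, '_' or '-'.
    // Rejects "../", "../../../", absolute paths, backslashes and NUL bytes.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $uploadName)) {
        throw new InvalidArgumentException('invalid upload_name');
    }

    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('upload base directory missing');
    }

    $target = $base . DIRECTORY_SEPARATOR . $uploadName;
    if (!is_dir($target) && !mkdir($target, 0750)) {
        throw new RuntimeException('cannot create upload directory');
    }

    // Defence in depth: canonicalise (this follows symlinks) and confirm the
    // result is still inside the base directory before any file is written.
    $real   = realpath($target);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($real === false || strncmp($real, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('resolved path escapes upload base');
    }
    return $real;
}

// Constructed inputs: the values quoted in the description plus two variants.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'cf7-upload-demo';
if (!is_dir($base)) {
    mkdir($base, 0750);
}
foreach (['foldername', '../', '../../../', '/etc', 'a/../../b'] as $name) {
    try {
        echo json_encode($name), ' -> ', resolve_upload_dir($base, $name), PHP_EOL;
    } catch (Exception $e) {
        echo json_encode($name), ' rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Only `foldername` resolves to a path; every other input is rejected by the allow-list before the filesystem is touched, and the `realpath` comparison covers a symlinked folder that points outside the base.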