CVE-2023-5822 in Drag and Drop Multiple File Upload Contact Form 7thông tin

Tóm tắt

Bởi MITRE • 22/11/2023

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This can be exploited if a user authorized to edit form, which means editor privileges or above, has added a 'multiple file upload' form field with '*' acceptable file types.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

chịu trách nhiệm

Wordfence

Đặt trước

26/10/2023

Tiết lộ

22/11/2023

Kiểm duyệt

được chấp nhận

EPSS

0.01793

KEV

không

Các hoạt động

rất thấp

Nguồn

Do you want to use VulDB in your project?

Use the official API to access entries easily!