Enhancement: cves/2021/CVE-2021-24155.yaml by md
parent
72a20bcce6
commit
ad097ced6b
|
@ -5,12 +5,12 @@ info:
|
|||
author: theamanrawat
|
||||
severity: high
|
||||
description: |
|
||||
WordPress Backup Guard plugin before 1.6.0 is susceptible to authenticated arbitrary file upload. The plugin does not ensure that imported files are in SGBP format and extension, allowing high-privilege users to upload arbitrary files, including PHP, possibly leading to RCE.
|
||||
WordPress Backup Guard plugin before 1.6.0 is susceptible to authenticated arbitrary file upload. The plugin does not ensure that imported files are in SGBP format and extension, allowing high-privilege users to upload arbitrary files, including PHP, possibly leading to remote code execution.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/d442acac-4394-45e4-b6bb-adf4a40960fb
|
||||
- https://wordpress.org/plugins/backup/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24155
|
||||
remediation: Fixed in version 1.6.0
|
||||
remediation: Fixed in version 1.6.0.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.2
|
||||
|
|
Loading…
Reference in New Issue