CVE-2022-4395

Sažetak

The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.

Reference

https://wpscan.com/vulnerability/80407ac4-8ce3-4df7-9c41-007b69045c40
https://packetstormsecurity.com/files/177934/WordPress-Membership-For-WooCommerce-Shell-Upload.html
https://wpscan.com/vulnerability/80407ac4-8ce3-4df7-9c41-007b69045c40
https://www.exploit-db.com/exploits/51959

CVSS

Base:	9.8
Impact:	5.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

27-03-2025 - 20:15

Objavljeno

30-01-2023 - 21:15