← Zuruck zu CVEs
CVE-2024-7863
MEDIUM6.8
Beschreibung
The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary files such as PHP on the server
CVE Details
CVSS v3.1 Bewertung6.8
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienHIGH
BenutzerinteraktionREQUIRED
Veroffentlicht9/13/2024
Zuletzt geandert9/27/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
pixeljar:favicon_generator
Schwachen (CWE)
CWE-352
Referenzen
https://wpscan.com/vulnerability/5e814b02-3870-4742-905d-ec03b0d31add/(contact@wpscan.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.