← Voltar para CVEs
CVE-2023-5360
CRITICAL9.8
Descricao
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado10/31/2023
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
royal-elementor-addons:royal_elementor_addons
Fraquezas (CWE)
CWE-434
Referencias
http://packetstormsecurity.com/files/175992/WordPress-Royal-Elementor-Addons-And-Templates-Remote-Shell-Upload.html(contact@wpscan.com)
https://wpscan.com/vulnerability/281518ff-7816-4007-b712-63aed7828b34(contact@wpscan.com)
http://packetstormsecurity.com/files/175992/WordPress-Royal-Elementor-Addons-And-Templates-Remote-Shell-Upload.html(af854a3a-2127-422b-91ae-364da2661108)
https://wpscan.com/vulnerability/281518ff-7816-4007-b712-63aed7828b34(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.