# N/A
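## Overview
The Adning Advertising plugin has an arbitrary file upload vulnerability caused by missing file type validation in the `_ning_upload_image` function. The vulnerability may allow unauthenticated attackers to upload arbitrary files, which may in turn lead to remote code execution.
## Affected Versions
- Affected versions: 1.5.5 and earlier
## Details
- The vulnerability is in the `_ning_upload_image` function.
- Because file type validation is missing, an attacker can upload arbitrary files.
## Impact
- Unauthenticated attackers can exploit this vulnerability to upload arbitrary files.
- Uploading a malicious file may lead to remote code execution.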

| # | POC description | Source link | Shenlong link |
|---|---|---|---|
| 1 | The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the `_ning_upload_image` function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. | https://github.com/projectdiscovery/nuclei-templates/blob/main/passive/cves/2020/CVE-2020-36705.yaml | POC details |
| 2 | The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the `_ning_upload_image` function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-36705.yaml | POC details |