漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
WooCommerce Upload Files < 59.4 - Unauthenticated Arbitrary File Upload
漏洞信息
The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked" extension in the "wcuf_file_name" parameter. It was also possible to perform a double extension attack and upload files to a different location via path traversal using the "wcuf_current_upload_session_id" parameter.
漏洞信息
N/A
漏洞
危险类型文件的不加限制上传
漏洞
Automattic WooCommerce 代码问题漏洞
漏洞信息
Automattic WooCommerce是美国Automattic公司的一套基于WordPress的开源电子商务平台。 WooCommerce Upload Files WordPress plugin before 59.4 存在安全漏洞,攻击者可利用该漏洞路径遍历将文件上传到不同的位置。
漏洞信息
N/A
漏洞
N/A