Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Shopp eCommerce <= 1.4 - Unauthenticated Arbitrary File Upload
Vulnerability Description
The shopp_upload_file AJAX action of the Shopp WordPress plugin through 1.4, available to both unauthenticated and authenticated user does not have any security measure in place to prevent upload of malicious files, such as PHP, allowing unauthenticated users to upload arbitrary files and leading to RCE
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
WordPress 插件代码问题漏洞
Vulnerability Description
WordPress是WordPress(Wordpress)基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress plugin Shopp 存在代码问题漏洞,该漏洞源于shopp_upload_file AJAX 操作通过 1.4,可供未经身份验证和经过身份验证的用户使用,没有任何安全措施来防止上传恶意文件。攻击者可利用该漏洞允许未经身份验证的用户上传任意文件,导致远端控制设备。
CVSS Information
N/A
Vulnerability Type
N/A