Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Loco Translate < 2.5.4 - Authenticated PHP Code Injection
Vulnerability Description
The Loco Translate WordPress plugin before 2.5.4 mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated "translator" users being able to inject PHP code into files ending with .php in web accessible locations.
CVSS Information
N/A
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
WordPress 代码注入漏洞
Vulnerability Description
WordPress是WordPress(Wordpress)基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress 插件 Loco Translate 2.5.4之前版本存在代码注入漏洞,该漏洞源于插件错误地处理了保存到文件中的数据输入,该文件可以重命名为以PHP结尾的扩展名,导致认证的“翻译”用户能够在web可访问的位置将PHP代码注入到以PHP结尾的文件中。
CVSS Information
N/A
Vulnerability Type
N/A