漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
WordPress File Upload < 4.16.3 - Contributor+ Path Traversal to RCE
Vulnerability Description
The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
WordPress plugin WordPress File Upload Free and Pro 路径遍历漏洞
Vulnerability Description
WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是WordPress开源的一个应用插件。 WordPress plugin WordPress File Upload Free and Pro 4.16.3 之前版本存在安全漏洞,该漏洞源于通过短代码参数执行路径遍历,然后可以使用该参数将伪装成图像的 PHP 代码上传到插件的自动加载目录中,从而导致任意代码执行。
CVSS Information
N/A
Vulnerability Type
N/A