eaSYNC < 1.1.16 - Unauthenticated Arbitrary File Upload

The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validation steps.

N/A

危险类型文件的不加限制上传

WordPress plugin Free Booking Plugin for Hotels, Restaurant and Car Rental 代码问题漏洞

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Free Booking Plugin for Hotels, Restaurant and Car Rental 1.1.16 之前的版本存在代码问题漏洞，该漏洞源于存在输入验证不足的问题，攻击者利用该漏洞可以任意文件上传并

N/A

N/A