GREYD.SUITE < 1.2.7 - Unauthenticated File Upload to RCE

The GREYD.SUITE WordPress theme does not properly validate uploaded custom font packages, and does not perform any authorization or csrf checks, allowing an unauthenticated attacker to upload arbitrary files including php source files, leading to possible remote code execution (RCE).

N/A

危险类型文件的不加限制上传

WordPress theme GREYD.SUITE 代码问题漏洞

WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress theme是WordPress的一款主题。 WordPress theme GREYD.SUITE 存在代码问题漏洞，该漏洞源于没有正确验证上传的自定义字体包，也没有执行任何授权或跨站请求伪造检查。攻击者利用该漏洞上传任意文件，导致远程代码执行。

N/A

N/A