Vulnerabilities for 'Upload files'

2021-04-05
 
CVE-2021-24171

CWE-434
 

 
The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked" extension in the "wcuf_file_name" parameter. It was also possible to perform a double extension attack and upload files to a different location via path traversal using the "wcuf_current_upload_session_id" parameter.

 

Vendor: Woocommerce (10 products)
Woocommerce
Paypal checkout payment gateway
Payu india payment gateway
Persian woocommerce sms
Subscriptions
Nab transact
Gift cards
Help scout
Upload files
Woocommerce currency switcher


Copyright 2022, cxsecurity.com

 
