RSS   Podatności dla 'Imagements'   RSS

2021-05-06
 
CVE-2021-24236

CWE-434
 

 
The Imagements WordPress plugin through 1.2.5 allows images to be uploaded in comments, however only checks for the Content-Type in the request to forbid dangerous files. This allows unauthenticated attackers to upload arbitrary files by using a valid image Content-Type along with a PHP filename and code, leading to RCE.

 


Copyright 2024, cxsecurity.com

 

Back to Top