PT-2019-7430 · WordPress · Dzs-Zoomsounds
Publicado
2019-10-10
·
Atualizado
2021-09-02
·
CVE-2015-9471
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
dzs-zoomsounds plugin versions through 2.0 for WordPress
Description
The issue concerns an arbitrary file upload in the admin/upload.php endpoint. This allows for potential malicious file uploads.
Recommendations
For versions through 2.0, consider disabling the admin/upload.php endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation.
Correção
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Dzs-Zoomsounds