PT-2019-9189 · Repute · Arforms
Publicado
2019-03-17
·
Atualizado
2019-03-22
·
CVE-2018-15818
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Repute ARForms versions 3.5.1 and prior
Description
An issue allows an attacker to delete any file on the server with web server privileges by sending a malicious request to "admin-ajax.php".
Recommendations
For versions 3.5.1 and prior, update to a version that contains a fix for this issue.
As a temporary workaround, consider restricting access to the "admin-ajax.php" endpoint to minimize the risk of exploitation.
Exploit
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Arforms