PT-2023-16962 · WordPress · Jetengine

R3Zk0N

Publicado

2023-04-10

Atualizado

2024-01-08

CVE-2023-1406

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions JetEngine WordPress plugin versions prior to 3.1.3.1

Description The issue allows for remote code execution due to the plugin's failure to properly verify that uploaded files are not executable.

Recommendations For versions prior to 3.1.3.1, update to version 3.1.3.1 or later to resolve the issue.

Exploit

Correção

RCE

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

CVE-2023-1406

Jetengine