PT-2023-21697 · Unknown · Mw Wp Form

Shuya Ota

Publicado

2023-05-23

Atualizado

2025-01-31

CVE-2023-28409

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MW WP Form versions v4.4.2 and earlier

Description The issue allows a remote unauthenticated attacker to upload an arbitrary file due to an unrestricted upload of files with dangerous types. This may lead to potential security risks.

Recommendations For MW WP Form versions v4.4.2 and earlier, update to a version later than v4.4.2 to resolve the issue. As a temporary workaround, consider restricting file uploads to only allow safe file types until a patch is available.

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2023-28409

Produtos afetados

Mw Wp Form

PT-2023-21697 · Unknown · Mw Wp Form

CVE-2023-28409

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7