PT-2023-32254 · WordPress · Wp Mail Log

Dc11

Publicado

2023-12-26

Atualizado

2024-01-04

CVE-2023-5673

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WP Mail Log WordPress plugin versions prior to 1.1.3

Description The issue allows attackers to upload PHP files due to improper validation of file extensions when uploading files to attach to emails, leading to remote code execution.

Recommendations For WP Mail Log WordPress plugin versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting file uploads or validating file extensions manually until a patch is applied.

Exploit

Correção

RCE

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2023-5673

Produtos afetados

Wp Mail Log

PT-2023-32254 · WordPress · Wp Mail Log

CVE-2023-5673

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6