CVE-2020-35945

CVSS v3.1

9.9

Critical

Vector

AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N

Name of the Vulnerable Software and Affected Versions: Divi Builder plugin versions prior to 4.5.3 Divi theme versions prior to 4.5.3 Divi Extra theme versions prior to 4.5.3

Description: An issue allows authenticated attackers with contributor-level or above capabilities to upload arbitrary files, including .php files, because the check for file extensions is on the client side.

Recommendations: For Divi Builder plugin versions prior to 4.5.3, update to version 4.5.3 or later. For Divi theme versions prior to 4.5.3, update to version 4.5.3 or later. For Divi Extra theme versions prior to 4.5.3, update to version 4.5.3 or later.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2020-35945

Affected Products

Divi Builder

Divi Extra Theme

Divi Theme

CVE-2020-35945

Weakness Enumeration

Related Identifiers

Affected Products

References · 6