PT-2024-38375 · WordPress · Crm Perks Forms
István Márton
·
Published
2024-08-06
·
Updated
2024-08-06
·
CVE-2024-7484
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
CRM Perks Forms plugin for WordPress versions up to, and including, 1.1.3
Description
The issue is related to arbitrary file uploads due to insufficient file validation on the
handle uploaded files function. This allows authenticated attackers with administrator-level capabilities or above to upload arbitrary files on the affected site's server, potentially making remote code execution possible.Recommendations
For versions up to, and including, 1.1.3, update to a version that fixes the insufficient file validation issue in the
handle uploaded files function to prevent arbitrary file uploads.
As a temporary workaround, consider restricting access to the handle uploaded files function until a patch is available.Fix
RCE
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Crm Perks Forms