CVE-2022-0888
🔴 Łataj teraz
Ninja Forms wtyczka WordPressa umożliwia nieautoryzowane przesyłanie złośliwych plików.
CVSS
9.8
EPSS
9.3%
Exploit
poc
Vendor
ninjaforms
Opis źródłowy (NVD)
The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code execution, in versions up to and including 3.3.0
exploit rce
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 9.3% |
| Opublikowano (NVD) | 2022-03-23 20:15:10 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-08 19:17:49 UTC |
Referencje
- https://gist.github.com/Xib3rR4dAr/5f0accbbfdee279c68ed144da9cd8607 (security@wordfence.com) [Exploit, Patch, Third Party Advisory]
- https://www.wordfence.com/threat-intel/vulnerabilities/id/f00eeaef-f277-481f-9e18-bf1ced0015a0?source=cve (security@wordfence.com)
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0888 (security@wordfence.com) [Third Party Advisory]