ГлавнаяУязвимости → CVE-2018-25095
9.8критическая

CVE-2018-25095

Описание

The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server.

Затрагиваемое ПО
Awesomemotive Duplicator
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://wpscan.com/vulnerability/16cc47aa-cb31-4114-b014-7ac5fbc1d3eehttps://wpscan.com/vulnerability/16cc47aa-cb31-4114-b014-7ac5fbc1d3ee