ГлавнаяУязвимости → CVE-2021-47965
9.8критическая

CVE-2021-47965

Описание

WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote code execution and complete system compromise.

CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://wordpress.orghttps://wordpress.org/plugins/wp-super-edit/https://www.exploit-db.com/exploits/49839https://www.vulncheck.com/advisories/wordpress-plugin-wp-super-edit-unrestricted-file-upload