CVE-2020-37227

WordPress Plugin HS Brand Logo Slider 2.1 Unrestricted File Upload

CVSS 8.7 HIGHEPSS 0.5%CWE-434

HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to executable extensions .php to achieve remote code execution.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

Heliossolutions · HS Brand Logo Slider

PoCs públicas encontradas — 1

cve_referencewww.exploit-db.com/exploits/48913no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://ms.wordpress.org/plugins/hs-brand-logo-slider/https://www.exploit-db.com/exploits/48913 https://www.heliossolutions.co/https://www.vulncheck.com/advisories/wordpress-plugin-hs-brand-logo-slider-unrestricted-file-upload