CVE-2022-4395

Membership For WooCommerce < 2.1.7 - Unauthenticated Arbitrary File Upload

CVSS 9.8 CRITICALEPSS 17.6%

The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

Unknown · Membership For WooCommerce

PoCs públicas encontradas — 4

githubgithub.com/MrG3P5/CVE-2022-4395★ 7 cve_referencepacketstormsecurity.com/files/177934/WordPress-Membership-For-WooCommerce-Shell-Upload.htmlnão verificado cve_referencewww.exploit-db.com/exploits/51959não verificado cve_referencewpscan.com/vulnerability/80407ac4-8ce3-4df7-9c41-007b69045c40não verificado

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://packetstormsecurity.com/files/177934/WordPress-Membership-For-WooCommerce-Shell-Upload.html https://wpscan.com/vulnerability/80407ac4-8ce3-4df7-9c41-007b69045c40 https://www.exploit-db.com/exploits/51959