← volver
CVE-2022-0687

Amelia < 1.0.46 - Manager+ RCE

EPSS 1.4%CWE-434
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 1.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
21 mar 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role.
Productos afectados
Unknown · Amelia – Events & Appointments Booking Calendar

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wpscan.com/vulnerability/3cf05815-9b74-4491-a935-d69a0834146c