CVE-2022-1952
eaSYNC < 1.1.16 - Unauthenticated Arbitrary File Upload
Vexday Risk Score
23Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS —EPSS 17.6%KEV nãoPoC —Nuclei simMetasploit —Patch —
Ciclo de vida
11 jul 2022Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validation steps.
Productos afectados
Unknown · Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →