CVE-2022-4395
Membership For WooCommerce < 2.1.7 - Unauthenticated Arbitrary File Upload
The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Unknown · Membership For WooCommercePoCs públicas encontradas — 4
githubgithub.com/MrG3P5/CVE-2022-4395★ 7cve_referencepacketstormsecurity.com/files/177934/WordPress-Membership-For-WooCommerce-Shell-Upload.htmlno verificadocve_referencewww.exploit-db.com/exploits/51959no verificadocve_referencewpscan.com/vulnerability/80407ac4-8ce3-4df7-9c41-007b69045c40no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →