CVE-2020-37227— WordPress Plugin HS Brand Logo Slider 2.1 Unrestricted File Upload

WordPress Plugin HS Brand Logo Slider 2.1 Unrestricted File Upload

HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to executable extensions .php to achieve remote code execution.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

危险类型文件的不加限制上传

WordPress plugin HS Brand Logo Slider 代码问题漏洞

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress plugin HS Brand Logo Slider 2.1版本存在代码问题漏洞，该漏洞源于文件上传限制不足，可能导致经过身份验证的用户绕过客户端文件扩展名验证上传任意文件，通过拦截上传请求并重命名文件为可执行扩展名实现远程代码

N/A

N/A