漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Server-Side Request Forgery via Race Condition
Vulnerability Description
The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use (TOCTOU) race condition in the 'url' parameter of the fpd_custom_uplod_file AJAX action. The plugin validates the URL by calling getimagesize() first, then later retrieves the same URL using file_get_contents(). This makes it possible for unauthenticated attackers to exploit the timing gap to perform SSRF attacks by serving a valid image during validation, then changing the response to redirect to arbitrary internal or external URLs during the actual fetch.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
使用共享资源的并发执行不恰当同步问题(竞争条件)
Vulnerability Title
WordPress plugin Fancy Product Designer 竞争条件问题漏洞
Vulnerability Description
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress plugin Fancy Product Designer 6.4.8及之前版本存在竞争条件问题漏洞,该漏洞源于TOCTOU竞争条件,可能导致服务器端请求伪造攻击。
CVSS Information
N/A
Vulnerability Type
N/A