脆弱性情報
高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
UsersWP <= 1.2.65 - Authenticated (Subscriber+) Arbitrary File Deletion via File Upload Field
脆弱性説明
The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWP_Validation::validate_fields() function (which falls through to sanitize_text_field() for fields of type 'file', leaving directory-traversal sequences intact) combined with the UsersWP_Forms::upload_file_remove() AJAX handler building the deletion target from the uploads basedir concatenated with the attacker-controlled metadata value without any realpath canonicalization or uploads-directory boundary check before calling unlink(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the affected site's server, including wp-config.
CVSS情報
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
脆弱性タイプ
对路径名的限制不恰当(路径遍历)
脆弱性タイトル
WordPress UsersWP 路径遍历漏洞
脆弱性説明
WordPress UsersWP是WordPress基金会的一款轻量级且 100% 安全的 WordPress 用户注册、登录和个人资料插件。 WordPress UsersWP 1.2.65及之前版本存在路径遍历漏洞,该漏洞源于对文件字段值验证不足以及在删除操作前未进行realpath规范化或上传目录边界检查,可能导致已认证的攻击者删除受影响服务器上的任意文件。
CVSS情報
N/A
脆弱性タイプ
N/A