CVE-2021-24620

CVE-2021-24620

The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin through 2.2.5 does not check for the uploaded Downloadable Digital product file, allowing any file, such as PHP to be uploaded by an administrator. Furthermore, as there is no CSRF in place, attackers could also make a logged admin upload a malicious PHP file, which would lead to RCE

Source: CVE-2021-24620

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다