Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code. Once it contains the function "Custom Gift Card Template", the function of uploading a custom image is used, changing the name of the image extension to PHP and executing PHP code on the server.
References
Link | Resource |
---|---|
https://gist.github.com/bc0d3/cbc458f0fcbe0f897e529c7f3d77c9d6 | Exploit Third Party Advisory |
https://makewebbetter.com/product/giftware-woocommerce-gift-cards/ | Product Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-12-28T14:36:30
Updated: 2020-12-28T14:36:30
Reserved: 2020-12-22T00:00:00
Link: CVE-2020-35627
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-12-28T15:15:12.483
Modified: 2020-12-30T16:44:01.550
Link: CVE-2020-35627
JSON object: View
Redhat Information
No data.
CWE