The Bit Form WordPress plugin before 1.9 does not validate the types of files uploaded via its file upload form field, allowing unauthenticated users to upload arbitrary file types, such as PHP or HTML files, to the server, leading to Remote Code Execution.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/2ae5c375-a6a0-4c0b-a9ef-e4d2a28bce5e | Exploit |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-05-15T12:15:44.681Z
Updated: 2023-05-15T12:15:44.681Z
Reserved: 2022-12-28T03:05:45.514Z
Link: CVE-2022-4774
NVD Information
Status: Modified
Published: 2023-05-15T13:15:09.623
Modified: 2023-11-07T03:58:53.380
Link: CVE-2022-4774
Redhat Information
No data.
CWE
No CWE.