The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the 'wpcf7_antiscript_file_name' function in versions up to, and including, 5.8.3. The identifier VDB-249001 was assigned to this vulnerability. The exploit has been disclosed to the public and may be used. The manipulation of the argument prod_id leads to sql injection. Affected by this vulnerability is an unknown functionality of the file product_details.php?prod_id=11. When the candidate has been publicized, the details for this candidate will be provided.Ī vulnerability was found in code-projects E-Commerce Website 1.0. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows attackers to write arbitrary file. ![]() Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows attackers to write arbitrary file.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |