Lucene search
China National Vulnerability DatabaseCNVD-2022-67602HistoryMar 25, 2022 - 12:00 a.m.
WordPress Ninja Forms-File Uploads Extension Plugin Arbitrary File Uploads Vulnerability
2022-03-2500:00:00
China National Vulnerability Database
www.cnvd.org.cn
12
wordpress
ninja forms
file uploads
extension
arbitrary
file type validation
php
mysql
remote code execution
vulnerability
security document
EPSS
0.013
Percentile
86.4%
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin for WordPress. WordPress Ninja Forms - File Uploads Extension Plugin 3.30 and earlier versions are vulnerable to arbitrary file uploads, which vulnerability stems from the program not validating the correct input for the file type of ~/include/ajax/controller/uploads.php. An attacker could use this vulnerability to upload malicious files that could be used to execute remote code.
Related
patchstack
patchstack
wpvulndb
wpvulndb
nvd
nvd
CVE-2022-0888
2022-03-23 20:15:10
cvelist
cvelist
CVE-2022-0888
2022-03-23 19:46:51
wpexploit
wpexploit
prion
prion
Input validation
2022-03-23 20:15:00
checkpoint_advisories
checkpoint_advisories
WordPress Ninja Forms Plugin Arbitrary File Upload (CVE-2022-0888)
2022-11-02 00:00:00
cve
cve
CVE-2022-0888
2022-03-23 20:15:10