CVE-2024-28890

2024-04-2305:15:49

jpcert

web.nvd.nist.gov

forminator

unrestricted upload

file vulnerability

remote attacker

sensitive information

server access

site alteration

denial-of-service

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

9.1

Confidence

High

EPSS

Percentile

15.5%

JSON

Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may obtain sensitive information by accessing files on the server, alter the site that uses the plugin, and cause a denial-of-service (DoS) condition.

Affected configurations

Vulners

Node

wpmu_devforminatorRange<1.29.0

VendorProductVersionCPE
wpmu_devforminator*cpe:2.3:a:wpmu_dev:forminator:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wpmu_dev	forminator	*	cpe:2.3:a:wpmu_dev:forminator::::::::

CNA Affected

[
  {
    "vendor": "WPMU DEV",
    "product": "Forminator",
    "versions": [
      {
        "version": "prior to 1.29.0",
        "status": "affected"
      }
    ]
  }
]