Search criteria
1 vulnerability by advanced_uploader_project
CVE-2022-1103 (GCVE-0-2022-1103)
Vulnerability from cvelistv5 – Published: 2022-05-16 14:30 – Updated: 2024-08-02 23:55
VLAI
Title
Advanced Uploader <= 4.2 - Subscriber+ Arbitrary File Upload
Summary
The Advanced Uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE
Severity
No CVSS data available.
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/9ddeef95-7c7f-42… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Advanced uploader |
Affected:
4.2 , ≤ 4.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/9ddeef95-7c7f-4296-a55b-fd3304c91c18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advanced uploader",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "4.2",
"status": "affected",
"version": "4.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Roel van Beurden"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Advanced Uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-16T14:30:37.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/9ddeef95-7c7f-4296-a55b-fd3304c91c18"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Advanced Uploader \u003c= 4.2 - Subscriber+ Arbitrary File Upload",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1103",
"STATE": "PUBLIC",
"TITLE": "Advanced Uploader \u003c= 4.2 - Subscriber+ Arbitrary File Upload"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advanced uploader",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.2",
"version_value": "4.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Roel van Beurden"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Advanced Uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/9ddeef95-7c7f-4296-a55b-fd3304c91c18",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/9ddeef95-7c7f-4296-a55b-fd3304c91c18"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1103",
"datePublished": "2022-05-16T14:30:37.000Z",
"dateReserved": "2022-03-26T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}