Lucene search
WPScanCVELIST:CVE-2022-4774HistoryMay 15, 2023 - 12:15 p.m.
CVE-2022-4774 Bit Form < 1.9 - RCE via Unauthenticated Arbitrary File Upload
2023-05-1512:15:44
WPScan
www.cve.org
cve-2022-4774
bit form
rce
unauthenticated
file upload
validation
wordpress
plugin
arbitrary files
remote code execution
The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via it’s file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution.
CNA Affected
[
{
"vendor": "Unknown",
"product": "Bit Form",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.9"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
cve
cve
CVE-2022-4774
2023-05-15 13:15:09
wpvulndb
wpvulndb
Bit Form < 1.9 - RCE via Unauthenticated Arbitrary File Upload
2023-04-19 00:00:00
nvd
nvd
CVE-2022-4774
2023-05-15 13:15:09
wpexploit
wpexploit
Bit Form < 1.9 - RCE via Unauthenticated Arbitrary File Upload
2023-04-19 00:00:00
prion
prion
Remote code execution
2023-05-15 13:15:00