patchstack | Stealthcopter | PATCHSTACK:36165F903806CBDB28A660AB66A858F6
History: Oct 14, 2024 - 12:00 a.m.

WordPress Digital Lottery Plugin <= 3.0.5 is vulnerable to Arbitrary File Upload

2024-10-14 00:00:00
stealthcopter
patchstack.com

CVSS3: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score: 7.2
Confidence: Low

EPSS: 0
Percentile: 9.7%

Software: Digital Lottery
Type: Plugin
Vulnerable versions: <= 3.0.5
Fixed in: N/A
OWASP Top 10: A3: Injection
Classification: Arbitrary File Upload
CVE: CVE-2024-49242
Patch priority: High
CVSS severity: High (10)

PSID: 7676461ee2c0
Credits: stealthcopter
Required privilege: Unauthenticated
Published: 14 October, 2024

Remove and replace plugin

Solution

We advise mitigating or resolving the vulnerability immediately.

Affected configurations

Vulners
Node: - digital_lottery, Range 3.0.5

Vendor: -
Product: digital_lottery
Version: *
CPE: cpe:2.3:a:-:digital_lottery:*:*:*:*:*:*:*:*
