5 matches found
CVE-2021-24684
The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript...
CVE-2021-24684
The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript...
WordPress 插件 操作系统命令注入漏洞
WordPress plugin is a WordPress open source application plugin . WordPress PDF Light Viewer plugin version 1.4.12 before the existence of operating system command injection vulnerability, an attacker can exploit the vulnerability in the call Ghostscript through the OS command injection on the...
PDF Light Viewer < 1.4.12 - Authenticated Command Injection
The plugin allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript. PoC 1 Go to Import PDF. 2 Select PDF file. 3 Set compression as 60 | calc | echo 4 Toggle import the first checkbox 5 Publish or update 6 Command executes...
PDF Light Viewer < 1.4.12 - Authenticated Command Injection
The plugin allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript. 1 Go to Import PDF. 2 Select PDF file. 3 Set compression as 60 | calc | echo 4 Toggle import the first checkbox 5 Publish or update 6 Command executes...