2 matches found
CVE-2021-24171
The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked" extension in the "wcuffilename"...
Multiple Schneider Electric Modicon Product Session Fixation Vulnerabilities
Schneider-Electric Modicon M251 and others are programmable controller products of Schneider Electric France. A security vulnerability exists in multiple Schneider Electric Modicon products. An attacker could exploit the vulnerability to take control of the current session...