3 matches found
CVE-2020-35949
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. If a quiz question could be answered by uploading a file, only the Content-Type header was checke...
CVE-2020-35949
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. If a quiz question could be answered by uploading a file, only the Content-Type header was checke...
CVE-2020-35949
The CVE-2020-35949 entry concerns the WordPress plugin Quiz and Survey Master before 7.0.1. Affected component: file upload handler in quiz questions. Root cause: only Content-Type is validated during upload, allowing unauthenticated attackers to upload arbitrary files (e.g., .php as text/plain) ...