6 matches found
CVE-2023-5957
The Ni Purchase OrderPO For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell...
CVE-2023-5957
creationtimestamp| type| source ---|---|--- 2024-01-08 20:27:01+00:00| seen| https://t.me/ctinow/164603 2024-01-25 14:42:01+00:00| seen| https://t.me/ctinow/173472 2025-06-18 16:43:43+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/18792...
CVE-2023-5957
The Ni Purchase OrderPO For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell...
CVE-2023-5957 Ni Purchase Order(PO) For WooCommerce <= 1.2.1 - Admin+ File Upload to Remote Code Execution
The Ni Purchase OrderPO For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell...
CVE-2023-5957
CVE-2023-5957 affects the Ni Purchase Order (PO) for WooCommerce WordPress plugin up to version 1.2.1. The vulnerability arises because the plugin does not validate logo and signature image files uploaded in the settings, allowing a high-privilege user to upload arbitrary files to the web server ...
CVE-2023-5957 Ni Purchase Order(PO) For WooCommerce <= 1.2.1 - Admin+ File Upload to Remote Code Execution
The Ni Purchase OrderPO For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell...