Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2024/07/04 8:32 a.m.15 views

CVE-2024-6319 IMGspider <= 2.3.10 - Authenticated (Contributor+) Arbitrary File Upload via 'upload'

The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 2.3.10. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitra...

8.8CVSS7.7AI score0.00947EPSS
Exploits0References3
CVE
CVE
added 2024/07/04 8:32 a.m.62 views

CVE-2024-6319

CVE-2024-6319 (IMGspider WordPress plugin) is an authenticated arbitrary file upload vulnerability. The issue arises in the plugin’s upload function where file type validation is missing, enabling attackers with contributor-level or higher permissions to upload arbitrary files to the server. This...

8.8CVSS8.9AI score0.00947EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/07/04 8:32 a.m.296 views

CVE-2024-6319 IMGspider <= 2.3.10 - Authenticated (Contributor+) Arbitrary File Upload via 'upload'

The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 2.3.10. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitra...

8.8CVSS0.00947EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/07/04 12:0 a.m.20 views

WordPress IMGspider Plugin <= 2.3.10 is vulnerable to Arbitrary File Upload

Software IMGspider Type Plugin Vulnerable versions = 2.3.10 Fixed in 2.3.11 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6319 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 7f35690ce29e Credits István Márton Required privilege...

8.8CVSS6.8AI score0.00947EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder