11 matches found
uDraw <3.3.3 - Local File Inclusion
uDraw before 3.3.3 does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the filegetcontents function and returning its content base64 encoded in the response. As a result, unauthenticated users...
CVE-2022-0656
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the filegetcontents function and returning its content base64 encoded in the...
VulnCheck KEV: CVE-2022-0656
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the filegetcontents function and returning its content base64 encoded...
WordPress plugin Web To Print Shop : uDraw arbitrary file reading vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Web To Print Shop: An arbitrary file reading vulnerability exists in versions of uDraw prior...
CVE-2022-0656
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the filegetcontents function and returning its content base64 encoded in the...
CVE-2022-0656
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the filegetcontents function and returning its content base64 encoded in the...
Code injection
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the filegetcontents function and returning its content base64 encoded in the...
CVE-2022-0656
The CVE-2022-0656 issue affects the WordPress plugin Web To Print Shop: uDraw , where versions prior to 3.3.3 do not validate the URL parameter in the AJAX action udraw_convert_url_to_base64 before using it in file_get_contents, enabling unauthenticated arbitrary file reads (e.g., /etc/passwd, wp...
WordPress plugin Web To Print Shop : uDraw 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Web To Print Shop: An arbitrary file reading vulnerability exists in versions of uDraw prior...
uDraw < 3.3.3 - Unauthenticated Arbitrary File Access
The plugin does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the filegetcontents function and returning its content base64 encoded in the response. As a result, unauthenticated users could re...
WordPress Web To Print Shop : uDraw plugin <= 3.3.32 - Unauthenticated Arbitrary File Access vulnerability
Unauthenticated Arbitrary File Access vulnerability discovered by cydave in WordPress Web To Print Shop : uDraw plugin versions = 3.3.32. Solution Update the WordPress Web To Print Shop : uDraw plugin to the latest available version at least 3.3.33...