Descrição
The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server
Software
Não informado
Tipo Software
Plugin
CVE
CVE-2018-25019
Tags
Nâo informado
Data de publicação
01/11/2021
Última atualização
08/12/2024
Pontuação em CVSS 3.0
7.5
Alto