Descrição
vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Software
Não informado
Tipo Software
Plugin
CVE
CVE-2020-35235
Tags
Nâo informado
Data de publicação
14/12/2020
Última atualização
01/12/2024
Pontuação em CVSS 3.0
8.8
Alto