Ver todas as ameaças

CVE-2020-35949

Alvo: Não informado

Descrição

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. If a quiz question could be answered by uploading a file, only the Content-Type header was checked during the upload, and thus the attacker could use text/plain for a .php file.

Software
Não informado
Tipo Software
Plugin
CVE
CVE-2020-35949
Tags
Nâo informado
Data de publicação
01/01/2021
Última atualização
08/12/2024
Pontuação em CVSS 3.0
10
Crítico
Rolar para cima