Descrição
The AI ChatBot for WordPress is vulnerable to Directory Traversal in version 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level attackers to append “<?php" to any existing file on the server resulting in potential DoS when appended to critical files such as wp-config.php. This vulnerability is the same as CVE-2023-5241, but was reintroduced in version 4.9.2.
Software
Não informado
Tipo Software
Core
CVE
CVE-2023-5646
Tags
Nâo informado
Data de publicação
19/10/2023
Última atualização
21/10/2023
Pontuação em CVSS 3.0
9.6
Crítico