Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by advanced_uploader_project
CVE-2022-1103 (GCVE-0-2022-1103)
Vulnerability from cvelistv5 – Published: 2022-05-16 14:30 – Updated: 2024-08-02 23:55
VLAI
Title
Advanced Uploader <= 4.2 - Subscriber+ Arbitrary File Upload
Summary
The Advanced Uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE
Severity
No CVSS data available.
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/9ddeef95-7c7f-42… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Advanced uploader |
Affected:
4.2 , ≤ 4.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/9ddeef95-7c7f-4296-a55b-fd3304c91c18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advanced uploader",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "4.2",
"status": "affected",
"version": "4.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Roel van Beurden"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Advanced Uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-16T14:30:37.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/9ddeef95-7c7f-4296-a55b-fd3304c91c18"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Advanced Uploader \u003c= 4.2 - Subscriber+ Arbitrary File Upload",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1103",
"STATE": "PUBLIC",
"TITLE": "Advanced Uploader \u003c= 4.2 - Subscriber+ Arbitrary File Upload"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advanced uploader",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.2",
"version_value": "4.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Roel van Beurden"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Advanced Uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/9ddeef95-7c7f-4296-a55b-fd3304c91c18",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/9ddeef95-7c7f-4296-a55b-fd3304c91c18"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1103",
"datePublished": "2022-05-16T14:30:37.000Z",
"dateReserved": "2022-03-26T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}