漏洞标题
响应式菜单 < 4.0.4 - CSRF 至任意文件上传
漏洞描述信息
响应式菜单 < 4.0.4 - CSRF 至任意文件上传
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
Responsive Menu < 4.0.4 - CSRF to Arbitrary File Upload
漏洞描述信息
In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote code execution and further infect the targeted site.
CVSS信息
N/A
漏洞类别
跨站请求伪造(CSRF)
漏洞标题
WordPress 插件 Reponsive Menu (free and Pro) 跨站请求伪造漏洞
漏洞描述信息
WordPress 插件 Reponsive Menu (free and Pro) before 4.0.4 存在安全漏洞,攻击者可利用该漏洞可以发出请求,欺骗管理员上传包含恶意PHP文件的zip存档。攻击者可以访问这些文件,以实现远程代码执行,并进一步感染目标站点。
CVSS信息
N/A
漏洞类别
跨站请求伪造