|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-06-08 | |
| Rule Name: | Wordpress Plugin wpDiscuz Unauthenticated Arbitrary File Upload Vulnerability (CVE-2020-24186) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action. | |
| Impact: | An attacker could exploit this vulnerability to upload a image webshell. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | http://packetstormsecurity.com/files/162983/WordPress-wpDiscuz-7.0.4-Shell-Upload.html https://www.wordfence.com/blog/2020/07/critical-arbitrary-file-upload-vulnerability-patched-in-wpdiscuz-plugin/ |
|
| Solutions |
|---|
| The vendor has released upgrade patches to fix vulnerabilities, please visit: https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/ |