|
|
|||
| Rule General Information |
|---|
| Release Date: | 2022-10-13 | |
| Rule Name: | WordPress Plugin Brandfolder 3.0 File Inclusion Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports hosting personal blog sites on PHP and MySQL servers. Brandfolder is an open source plugin for WordPress. Brandfolder <= 3.0 has an arbitrary file inclusion vulnerability that allows an attacker to include arbitrary files on a server, potentially leading to the execution of malicious code, access to sensitive data, or other attacks. | |
| Impact: | When an application builds a path to executable code using attacker controlled variables, an attacker can exploit a file inclusion vulnerability to arbitrarily control the file that is executed at runtime. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |