CVE-2024-6500
CVE-2024-6500
Título es
CVE-2024-6500
Sáb, 17/08/2024 – 03:15
Tipo
CWE-862
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2024-6500
Descripción en
The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'parse_request' function in all versions up to, and including, 1.4.0 (for InPost for WooCommerce) as well as 1.4.4 (for InPost PL). This makes it possible for unauthenticated attackers to read and delete arbitrary files on Windows servers. On Linux servers, only files within the WordPress install will be deleted, but all files can be read.
17/08/2024
17/08/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H
Gravedad 3.1 (CVSS 3.1 Base Score)
10.00
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
CRITICAL
Referencias
Enviar en el boletín
Off
