漏洞编号:CVE-2024-2381
评分:8.8
恶意利用的后果:通过远程代码执行获取敏感信息以及目标权限
来源:Source Wordfence
公布时间:2024-06-19 03:12:33
更新时间:2024-06-19 03:12:33
类型:Execute code
描述:The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
影响组件:
参考资料: