05138803331

Faculty of Engineering, Ferdowsi University of Mashhad, Mashhad, Khorasan Razavi, Iran

0

basket

  • فارسی
    • 0

    سبد خرید

    Last Articles

    article
    High level vulnerability in cisco
    فروردین ۷ , ۱۴۰۲
    Read more
    article
    CRITICAL level vulnerability inMicrosoft Outlook
    فروردین ۷ , ۱۴۰۲
    Read more
    article
    CRITICAL level vulnerability in WordPress plugin
    اسفند ۲۱ , ۱۴۰۱
    Read more

    Categories

    high level vulnerability in WordPress

    high level vulnerability in WordPress

    CVE-2021-3120

    Description

    An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context of the web server. In order to exploit this vulnerability, an attacker must be able to place a valid Gift Card product into the shopping cart. An uploaded file is placed at a predetermined path on the web server with a user-specified filename and extension. This occurs because the ywgc-upload-picture parameter can have a .php value even though the intention was to only allow uploads of Gift Card images.

    Base Score: 9.8 CRITICAL

    https://yithemes.com/themes/plugins/yith-woocommerce-gift-cards/

    Security News
    critical level & high level vulnerability in Cisco

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    Related Articles

    article
    high level vulnerability in McAfee

    CVE-2020-7346 Description Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker’s choosing. This requires the creation and removal of junctions by the attacker along with sending a specific IOTL […]

    Category:
    بهمن ۲۴ , ۱۴۰۱
    Read more
    article
    high level and critical vulnerability (20-21 December )

    CVE-2022-46328 Description Some smartphones have the input validation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. Base Score: 7.5 HIGH https://consumer.huawei.com/en/support/bulletin/2022/12/ ______________________________ CVE-2022-46327 Description Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions. Base Score: 9.8 CRITICAL https://consumer.huawei.com/en/support/bulletin/2022/12/ _____________________________ CVE-2022-46326 Description Some smartphones have […]

    Category:
    دی ۴ , ۱۴۰۱
    Read more
    article
    high level and critical vulnerability(6-9 December)

    CVE-2022-3724 Description Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows Base Score: 7.5 HIGH https://www.wireshark.org/security/wnpa-sec-2022-08.html ____________________________ CVE-2022-46829 Description In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented. Base Score: 8.8 HIGH […]

    Category:
    آذر ۲۷ , ۱۴۰۱
    Read more

    Contact us

    Address: Mashhad, Ferdowsi University of Mashhad, Faculty of Engineering, APA Specialized Center
    Phone number: 05138803331
    Working hours: 8 am to 4 pm
    [email protected]

    Links

    © All rights reserved to APA Specialized Center of Ferdowsi University of Mashhad