admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 10:16:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create CVE-2022-4060.md

Browse Source 
add CVE-2022-4060
This commit is contained in:
Goby 2023-06-21 17:41:49 +08:00 committed by GitHub
parent 424fda4587
commit d69c804577
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
CVE-2022-4060.md Normal file
View File

@ -0,0 +1,12 @@
## WordPress plugins User Post Gallery upg_datatable RCE Vulnerability (CVE-2022-4060)
| **Vulnerability** | **WordPress plugins User Post Gallery upg_datatable RCE Vulnerability (CVE-2022-4060)** |
| :----: | :-----|
| **Chinese name** | WordPress User Post Gallery 插件 upg_datatable 远程代码执行漏洞CVE-2022-4060 |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [body="wp-content/plugins/wp-upg"](https://en.fofa.info/result?qbase64=Ym9keT0id3AtY29udGVudC9wbHVnaW5zL3dwLXVwZyI%3D) |
| **Number of assets affected** | 383 |
| **Description** | WordPress plugins User Post Gallery is a plugin that allows users to select albums, generate tags, upload pictures and videos from the front end. There is a code injection vulnerability in WordPress plugin User Post Gallery 2.19 and earlier versions. The vulnerability stems from the fact that the callback function allows any user to call it. Attackers can use this vulnerability to run code on its site. |
| **Impact** | There is a code injection vulnerability in WordPress plugin User Post Gallery 2.19 and earlier versions. The vulnerability stems from the fact that the callback function allows any user to call it. Attackers can use this vulnerability to run code on its site. |
![](https://s3.bmp.ovh/imgs/2023/06/21/f82bbe1d63c40785.gif)