cve/2023/CVE-2023-5957.md

### [CVE-2023-5957](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5957)
![](https://img.shields.io/static/v1?label=Product&message=Ni%20Purchase%20Order(PO)%20For%20WooCommerce&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)

### Description

The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell.

### POC

#### Reference
- https://wpscan.com/vulnerability/70f823ff-64ad-4f05-9eb3-b69b3b79dc12

#### Github
No PoCs found on GitHub currently.
Update CVE sources 2024-05-28 08:49 2024-05-28 08:49:17 +00:00			`### [CVE-2023-5957](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5957)`
			`![](https://img.shields.io/static/v1?label=Product&message=Ni%20Purchase%20Order(PO)%20For%20WooCommerce&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)`

			`### Description`

			`The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell.`

			`### POC`

			`#### Reference`
			`- https://wpscan.com/vulnerability/70f823ff-64ad-4f05-9eb3-b69b3b79dc12`

			`#### Github`
			`No PoCs found on GitHub currently.`