What the vulnerability does
Description
Unrestricted Upload of File with Dangerous Type vulnerability in solacewp Solace Extra (solace-extra) allows Using Malicious Files. This issue affects Solace Extra: from n/a through <= 1.3.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Solace Extra versions up to 1.3.1 allow authenticated users to upload files without proper validation. An attacker with low-level access can upload malicious files to the server, potentially executing code or compromising the site. The vulnerability affects confidentiality, integrity, and availability of the entire system.
What an attacker can do
Upload and execute malicious files on the server, compromising the entire site.
Potential impact on your site
Any authenticated user can upload files that execute code, leading to full site compromise.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.