What the vulnerability does
01Description
Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023).
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
What the vulnerability does
Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023).
Explanation of Vulnerability in Simple Terms
WPAMS for Joomla allows unauthenticated attackers to upload arbitrary files to the server without restriction. An attacker can upload malicious PHP files or other executable code, then access them directly to run their own code on the site. This affects all versions up to 44.0 released on 17 August 2023. The vulnerability has network-level scope, meaning the impact extends beyond the component itself.
What an attacker can do
Upload and execute arbitrary files, including PHP code, to run commands on the server.
Potential impact on your site
Complete compromise of the Joomla site and server; attacker gains full control.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources