What the vulnerability does
Description
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Wiguard (wiguard) allows uploading a web shell to a web server. This issue affects Wiguard: from n/a through < 2.0.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Wiguard versions up to 2.0.1 do not properly validate file uploads, allowing authenticated users to upload arbitrary files to the site. An attacker with low-level access can upload malicious files—such as PHP scripts—that execute on the server. This vulnerability affects the entire site and can lead to complete compromise.
What an attacker can do
Upload and execute arbitrary files on the server, including PHP code.
Potential impact on your site
Complete site compromise: data theft, malware injection, or total takeover by an authenticated attacker.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.