CVE-2020-35627

Published: Dec 28, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code. Once it contains the function "Custom Gift Card Template", the function of uploading a custom image is used, changing the name of the image extension to PHP and executing PHP code on the server.

Affected (1)

Products: Woocommerce: Gift Cards

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Woocommerce Gift Cards	Version 3.0.2

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://gist.github.com/bc0d3/cbc458f0fcbe0f897e529c7f3d77c9d6

Source: cve@mitre.org

ExploitThird Party Advisory

https://makewebbetter.com/product/giftware-woocommerce-gift-cards/

Source: cve@mitre.org

ProductThird Party Advisory

https://gist.github.com/bc0d3/cbc458f0fcbe0f897e529c7f3d77c9d6

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://makewebbetter.com/product/giftware-woocommerce-gift-cards/

Source: af854a3a-2127-422b-91ae-364da2661108

ProductThird Party Advisory

Timeline

No history available yet.