The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2022-03-21T18:55:57
Updated: 2024-08-02T23:40:03.132Z
Reserved: 2022-02-19T00:00:00
Link: CVE-2022-0687
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-03-21T19:15:11.337
Modified: 2024-11-21T06:39:11.253
Link: CVE-2022-0687
Redhat
No data.