CVE-2022-0687 – Amelia < 1.0.46 - Manager+ RCE

https://notcve.org/view.php?id=CVE-2022-0687

23 Feb 2022 — The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role. El plugin Amelia de WordPress versiones anteriores a 1.0.47, almacena los blobs de imágenes en archivos reales cuya extensión es controlada por el usuario, lo que puede conllevar a una carga de backdoors PHP en el sitio. Esta vulnerab... • https://wpscan.com/vulnerability/3cf05815-9b74-4491-a935-d69a0834146c • CWE-434: Unrestricted Upload of File with Dangerous Type •