1 results (0.001 seconds)
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1
CVE-2019-15866 – Crelly Slider <= 1.3.4 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2019-15866
The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider. El plugin crelly-slider en versiones anteriores a la 1.3.5 para WordPress tiene carga arbitraria de archivos mediante un archivo PHP dentro de un archivo ZIP wp_ajax_crellyslider_importSlider. • https://blog.nintechnet.com/arbitrary-file-upload-vulnerability-in-wordpress-crelly-slider-plugin https://wordpress.org/plugins/crelly-slider/#developers • CWE-434: Unrestricted Upload of File with Dangerous Type •