CVE-2020-35627
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code. Once it contains the function "Custom Gift Card Template", the function of uploading a custom image is used, changing the name of the image extension to PHP and executing PHP code on the server.
Ultimate WooCommerce Gift Cards versión 3.0.2, está afectada por una vulnerabilidad de carga de archivos en la Custom GiftCard Template que puede ejecutar remotamente código arbitrario. Una vez que contiene la función "Custom Gift Card Template", la función de cargar una imagen personalizada es usada, cambiando el nombre de la extensión de la imagen a PHP y ejecutando el código PHP en el servidor
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-12-22 CVE Reserved
- 2020-12-28 CVE Published
- 2024-05-02 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://makewebbetter.com/product/giftware-woocommerce-gift-cards | Product |
| URL | Date | SRC |
|---|---|---|
| https://gist.github.com/bc0d3/cbc458f0fcbe0f897e529c7f3d77c9d6 | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Woocommerce Search vendor "Woocommerce" | Gift Cards Search vendor "Woocommerce" for product "Gift Cards" | 3.0.2 Search vendor "Woocommerce" for product "Gift Cards" and version "3.0.2" | - |
Affected
| ||||||