CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-35949

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0940%
EPSS Percentile44.85th
Published2021年1月1日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. If a quiz question could be answered by uploading a file, only the Content-Type header was checked during the upload, and thus the attacker could use text/plain for a .php file.

Affected Platforms (CPE)

📦
Expresstech

Quiz And Survey Master

< 7.0.1

References & Advisories

🔗 https://wpscan.com/vulnerability/10349
🔗 https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/
🔗 https://wpscan.com/vulnerability/10349
🔗 https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/

相關漏洞威脅

CVE-2020-359519.9

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files...

CVE-2021-242218.8

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id G...

CVE-2021-368987.5

Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress.

CVE-2019-175996.1

The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). Th...