CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-12426

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1330%
EPSS Percentile42.12th
Published2018年7月2日
Last Modified2024年11月21日

Vulnerability Description

The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type.

Affected Platforms (CPE)

📦
3cx

Live Chat

< 8.0.07

References & Advisories

🔗 https://github.com/CodeCabin/wp-live-chat-support/blob/master/readme.txt
🔗 https://github.com/RiieCco/write-ups/tree/master/CVE-2018-12426
🔗 https://wpvulndb.com/vulnerabilities/9697
🔗 https://github.com/CodeCabin/wp-live-chat-support/blob/master/readme.txt
🔗 https://github.com/RiieCco/write-ups/tree/master/CVE-2018-12426
🔗 https://wpvulndb.com/vulnerabilities/9697

相關漏洞威脅

CVE-2019-186629.8

An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveCh...

CVE-2019-124989.8

The WP Live Chat Support plugin before 8.0.33 for WordPress accepts certain REST API calls without invoking the wplc_api_permissio...

CVE-2019-111859.8

The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results fro...

CVE-2020-97589.6

An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name param...