Unrestricted Upload of File with Dangerous Type vulnerability
CVE-2024-37418

9.9CRITICAL

Key Information:

Vendor

WordPress

Vendor
CVE Published:
9 July 2024

What is CVE-2024-37418?

The Church Admin plugin by Andy Moyle has a vulnerability that allows unauthorized users to upload files of dangerous types, such as web shells. This can potentially lead to remote code execution on the server, compromising the integrity and security of the web application. The issue affects versions from n/a to 4.4.6, making it crucial for users to implement safeguards against this vulnerability to protect their systems.

Affected Version(s)

Church Admin 0 <= 4.4.6

References

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

.