O temacie informuje Bleeping Computer: In the vulnerable versions, the plugin does not remove special characters from the uploaded filename, including the control character and separators. This could potentially allow an attacker to upload a filename containing double-extensions, separated by a non-printable or special character, such as a file called „abc.php .jpg.” Z opisu wynika,...
Artykuł Krytyczna podatność w bardzo popularnym pluginie WordPressa (Contact Form 7). 5+ milionów instalacji i możliwość dostania się na serwer. pochodzi z serwisu Sekurak.