CVE-2022-3282
CVSS V2 None
CVSS V3 Medium 4.3
Description
The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. As a result, attackers could control the file length limit and bypass the limit set by admins in the contact form.
Overview
- CVE ID
- CVE-2022-3282
- Assigner
- contact@wpscan.com
- Vulnerability Status
- Analyzed
- Published Version
- 2022-10-17T12:15:10
- Last Modified Date
- 2022-10-20T19:05:19
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_-_contact_form_7:*:*:*:*:*:wordpress:*:* | 1 | OR | 1.3.6.5 |
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- LOW
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- NONE
- Availability Impact
- NONE
- Base Score
- 4.3
- Base Severity
- MEDIUM
- Exploitability Score
- 2.8
- Impact Score
- 1.4
References
| Reference URL | Reference Tags |
|---|---|
| https://wpscan.com/vulnerability/035dffef-4b4b-4afb-9776-7f6c5e56452c |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-3282 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3282 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-10-17 13:00:09 | Added to TrackCVE | |||
| 2022-12-07 08:05:48 | 2022-10-17T12:15Z | 2022-10-17T12:15:10 | CVE Published Date | updated |
| 2022-12-07 08:05:48 | 2022-10-20T19:05:19 | CVE Modified Date | updated | |
| 2022-12-07 08:05:48 | Analyzed | Vulnerability Status | updated |