CVE-2024-50525

Unrestricted Upload of File with Dangerous Type vulnerability in Helloprint Plug your WooCommerce into the largest catalog of customized print products from Helloprint allows Upload a Web Shell to a Web Server.This issue affects Plug your WooCommerce into the largest catalog of customized print products from Helloprint: from n/a through 2.0.2.

CVSS v3 10.0 CRITICAL

10.0^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://patchstack.com/database/vulnerability/helloprint/wordpress-helloprint-plugin-2-0-2-arbitrary-file-upload-vulnerability?_s_id=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:helloprint:helloprint:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2024-11-04 14:15

Updated : 2024-11-06 15:42

NVD link : CVE-2024-50525

Mitre link : CVE-2024-50525

CVE.ORG link : CVE-2024-50525

JSON object : View

Products Affected

helloprint

helloprint

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2024-50525", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-11-04T14:15:14.983", "references": [{"url": "https://patchstack.com/database/vulnerability/helloprint/wordpress-helloprint-plugin-2-0-2-arbitrary-file-upload-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Helloprint Plug your WooCommerce into the largest catalog of customized print products from Helloprint allows Upload a Web Shell to a Web Server.This issue affects Plug your WooCommerce into the largest catalog of customized print products from Helloprint: from n/a through 2.0.2."}, {"lang": "es", "value": "Vulnerabilidad de carga sin restricciones de archivo con tipo peligroso en Helloprint Plug your WooCommerce al cat\u00e1logo m\u00e1s grande de productos de impresi\u00f3n personalizados de Helloprint permite cargar un Web Shell a un servidor web. Este problema afecta a Plug your WooCommerce al cat\u00e1logo m\u00e1s grande de productos de impresi\u00f3n personalizados de Helloprint: desde n/a hasta 2.0.2."}], "lastModified": "2024-11-06T15:42:52.993", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:helloprint:helloprint:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "22AC50B9-EF2F-4D67-971B-9EA549A7F4C7", "versionEndIncluding": "2.0.2"}], "operator": "OR"}]}], "sourceIdentifier": "audit@patchstack.com"}