We discovered another type of remote code execution vulnerability in the Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5. When the plugin receives a POST request with a large file attached, it doesn’t properly check the file size against the configured limit. As a result, attackers could upload a file with a crafted size that would cause the plugin to process the file even when the limit has been set. This would allow an attacker to control the uploaded file or inject malicious code.

Security Risk:

This vulnerability could be exploited by malicious people to gain control of uploaded files. The vulnerability may allow attackers to upload arbitrary files and execute arbitrary code in the context of the WordPress installation.

CVE-2022-3283

We discovered another type of remote code execution vulnerability in the Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5. When the plugin receives a request with a large file attached, it doesn’t properly check the file size against the configured limit. As a result, attackers could upload a file with a crafted size that would cause the plugin to process the file even when the limit has been set. This would allow an attacker to control the uploaded file or inject malicious code.

Drag and Drop Multiple File Upload Vulnerability

In WordPress, attackers could upload a file with a crafted size that would cause the plugin to process the file even when the limit has been set. This would allow an attacker to control the uploaded file or inject malicious code.
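
A server-side size check of the kind the description says was not properly applied, shown as an added example: it is not the plugin's code or its fix, and the function name, parameters and sample values are assumptions. It measures the stored temporary file and rejects the upload when no valid limit is configured.

```php
<?php
// Added illustration, not the plugin's code. All names here are hypothetical.

/**
 * Validate one $_FILES entry against a configured byte limit.
 * Returns null when the upload is acceptable, otherwise a rejection reason.
 */
function check_upload_size(array $file, int $limitBytes, bool $requireHttpUpload = true): ?string
{
    // Fail closed: a missing or zero limit must not mean "unlimited".
    if ($limitBytes <= 0) {
        return 'no valid size limit configured';
    }
    // PHP reports its own failures (ini size exceeded, partial upload) in 'error'.
    $error = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($error !== UPLOAD_ERR_OK) {
        return 'upload error code ' . $error;
    }
    $tmp = $file['tmp_name'] ?? '';
    // Accept only files that PHP itself received through an HTTP POST upload.
    if ($requireHttpUpload && !is_uploaded_file($tmp)) {
        return 'not an HTTP upload';
    }
    // Measure the bytes on disk instead of trusting a size value carried
    // in request fields or headers.
    clearstatcache(true, $tmp);
    $actual = @filesize($tmp);
    if ($actual === false) {
        return 'cannot stat temporary file';
    }
    if ($actual > $limitBytes) {
        return "file is $actual bytes, limit is $limitBytes";
    }
    return null;
}

// Constructed sample: a 2048-byte temp file whose reported size (10) disagrees
// with what is on disk, checked against a 1024-byte limit. The HTTP-upload
// test is switched off only because this demo runs from the CLI.
$tmp = tempnam(sys_get_temp_dir(), 'upl');
file_put_contents($tmp, str_repeat('A', 2048));
$sample = ['name' => 'report.pdf', 'tmp_name' => $tmp, 'error' => UPLOAD_ERR_OK, 'size' => 10];
var_dump(check_upload_size($sample, 1024, false));
unlink($tmp);
```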

Timeline

Published on: 10/17/2022 12:15:00 UTC
Last modified on: 10/20/2022 19:05:00 UTC

References