CVE-2020-35627

Published: Dec 28, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code. Once it contains the function "Custom Gift Card Template", the function of uploading a custom image is used, changing the name of the image extension to PHP and executing PHP code on the server.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gist.github.com/bc0d3/cbc458f0fcbe0f897e529c7f3d77c9d6

x_refsource_MISC

https://makewebbetter.com/product/giftware-woocommerce-gift-cards/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-35627

Description

Affected Products

References