CVE-2024-9507

MEDIUM Year: 2024
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-20
View all →

Vulnerability Description

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.15.2 due to improper input validation within the iconUpload function. This makes it possible for authenticated attackers, with Administrator-level access and above, to leverage a PHP filter chain attack and read the contents of arbitrary files on the server, which can contain sensitive information.

Related Vulnerabilities

CVE-2017-11183

MEDIUM
CVSS:4.9(Medium)

front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter.

CWE-202017

CVE-2017-14023

MEDIUM
CVSS:4.9(Medium)

An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been id...

CWE-202017

CVE-2017-18453

MEDIUM
CVSS:4.9(Medium)

cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260).

CWE-202017

CVE-2017-18464

MEDIUM
CVSS:4.9(Medium)

cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226).

CWE-202017

CVE-2017-2254

MEDIUM
CVSS:4.9(Medium)

Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input

CWE-202017

CVE-2017-6690

MEDIUM
CVSS:4.9(Medium)

A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or...

CWE-202017