Severity Rating: HIGH
Software Affected
Contact Form 7 5.3.1 and older versions
Overview
A vulnerability has been discovered in Contact Form 7 version 5.3.1 or
older that allows an attacker to upload malicious scripts.
Description
An unrestricted file upload vulnerability has been found in the Contact Form 7
WordPress plug-in. An attacker can exploit this vulnerability to upload
arbitrary code and run it in the context of the web server process, which may
facilitate unauthorized access or privilege escalation. The flaw allows an
unauthenticated user to bypass any form file-type restrictions configured in
Contact Form 7 and upload an executable binary to a site running plug-in
version 5.3.1 or earlier.
Successful exploitation of this vulnerability therefore lets the attacker
bypass the plug-in's form file-type restrictions entirely.
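The advisory describes the weakness class (client-supplied file names that slip past a form's file-type restriction) without showing what a sound check or a post-incident audit looks like. The following Python is an added example written for this page; it is not Contact Form 7 code and does not reproduce the plug-in's own validator. The extension lists, the sample file names and the demo directory are constructed, and the ordering it demonstrates (sanitize the name first, then reject an executable suffix anywhere in the extension chain, then require the final suffix to be on an allowlist) is a general hardening pattern rather than a description of the exact root cause in version 5.3.1.

```python
"""Defensive checks for the unrestricted-upload weakness class.

Added example for this advisory, not code from Contact Form 7 or WordPress.
Extension lists and sample names below are constructed for the demonstration.
"""
import os
import tempfile
import unicodedata

# Suffixes a web server or PHP runtime may execute if they land in a public
# uploads directory (constructed list; extend it for your own stack).
EXECUTABLE_EXTENSIONS = {
    "php", "php3", "php4", "php5", "php7", "phtml", "phar",
    "cgi", "pl", "py", "sh", "exe", "dll", "htaccess",
}

# What an ordinary contact form would be expected to accept (assumed allowlist).
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "txt", "doc", "docx"}

# Unicode categories that must never survive into a stored file name:
# control (Cc), format (Cf) and the three separator classes (Zs, Zl, Zp).
FORBIDDEN_CATEGORIES = {"Cc", "Cf", "Zs", "Zl", "Zp"}


def sanitize_filename(name: str) -> str:
    """Keep only the base name and drop control/separator characters.

    Sanitizing *before* the extension check matters: a check that inspects
    the raw client-supplied name can be misled by characters the file
    system later ignores or that hide a second extension.
    """
    base = os.path.basename(name.replace("\\", "/"))
    return "".join(ch for ch in base
                   if unicodedata.category(ch) not in FORBIDDEN_CATEGORIES)


def extension_chain(name: str) -> list:
    """All dotted suffixes, lower-cased: 'a.php.jpg' -> ['php', 'jpg']."""
    parts = name.lower().split(".")
    return parts[1:] if len(parts) > 1 else []


def naive_extension_check(name: str) -> bool:
    """The weak pattern: trust the raw name and look only at its last suffix."""
    return name.rsplit(".", 1)[-1].lower() in ALLOWED_EXTENSIONS


def is_allowed_upload(name: str) -> bool:
    """Hardened check: sanitize, reject any executable suffix in the chain,
    then require the final suffix to be on the allowlist."""
    exts = extension_chain(sanitize_filename(name))
    if not exts:
        return False
    if any(ext in EXECUTABLE_EXTENSIONS for ext in exts):
        return False
    return exts[-1] in ALLOWED_EXTENSIONS


def audit_uploads(root: str) -> list:
    """Walk an uploads tree and report names that should not be there.

    Returns sorted (relative_path, [reasons]) tuples, suitable for feeding
    into an alerting or ticketing pipeline after a vulnerable version ran.
    """
    findings = []
    for dirpath, _, files in os.walk(root):
        for fname in files:
            reasons = []
            if any(unicodedata.category(c) in FORBIDDEN_CATEGORIES for c in fname):
                reasons.append("control or separator character in name")
            if any(ext in EXECUTABLE_EXTENSIONS for ext in extension_chain(fname)):
                reasons.append("executable extension")
            if reasons:
                rel = os.path.relpath(os.path.join(dirpath, fname), root)
                findings.append((rel, reasons))
    return sorted(findings)


def demo_audit() -> list:
    """Populate a throwaway directory with constructed names and audit it."""
    sample_names = ["brochure.pdf", "photo.jpg", "notes.txt",        # expected
                    "upload.phtml", "image.php.jpg", ".htaccess",     # flagged
                    "photo\t.jpg"]                                    # flagged
    with tempfile.TemporaryDirectory() as root:
        for name in sample_names:
            with open(os.path.join(root, name), "w") as fh:
                fh.write("sample\n")
        return [path for path, _ in audit_uploads(root)]


if __name__ == "__main__":
    for name in ["brochure.pdf", "image.php.jpg", "../evil.png", "form.phtml"]:
        print(f"{name!r}: naive={naive_extension_check(name)} "
              f"hardened={is_allowed_upload(name)}")
    print("flagged in sample uploads:", demo_audit())
```

Running the block prints the naive and hardened verdicts side by side; the double-extension name is the one the naive check accepts and the hardened check refuses. The audit half is the post-patch step a site owner would want after updating: point it at the real uploads directory and treat every finding as a file to quarantine and investigate.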
Solution
Update to Contact Form 7 5.3.2
Vendor Information
WordPress
References
Acunetix
7-arbitrary-file-upload-3-5-2/
Searchenginejournal
on-sites/391111/
Threatpost
Security newspaper
wordpress-sites-affected-by-critical-vulnerability/
Tenable
CVE Name
CVE-2020-35489
About Cert Advisory
We have created this blog to provide the latest security advisories from the India CERT on security vulnerabilities, threats and attacks, and on the patching required to mitigate cyber attacks.