CVE-2022-3282
Summary
| CVE | CVE-2022-3282 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-10-17 12:15:00 UTC |
| Updated | 2022-10-20 19:05:00 UTC |
| Description | The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. As a result, attackers could control the file length limit and bypass the limit set by admins in the contact form. |
Risk And Classification
Problem Types: CWE-639
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Codedropz | Drag And Drop Multiple File Upload - Contact Form 7 | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Drag and Drop Multiple File Upload < 1.3.6.5 - File Upload Size Limit Bypass WordPress Security Vulnerability | MISC | wpscan.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Sanjay Das
There are currently no legacy QID mappings associated with this CVE.