CVE-2022-0499 - Unspecified vulnerability in Sermon Browser Project Sermon Browser

CVSS 8.8 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Summary

The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged-in admin upload arbitrary files such as PHP ones.

Vulnerable Configurations

Part | Description | Count
Application | Sermon_Browser_Project | 64