Asgaros Forum, CVE-2023-5604

CVE, Research URL: CVE-2023-5604
Home page URL: Security reports for Asgaros Forum
Application: Asgaros Forum
Published on: Nov 27, 2023
Research Description: The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execution.
Affected versions: Min -, max 2.7.1.
Status: vulnerable