Vulnerability Description
An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php.
CVSS Score
7.5
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Reputeinfosystems | Repute Arforms | <= 3.5.1 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/149981/WordPress-Arforms-3.5.1-Arbitrary-FiExploitThird Party AdvisoryVDB Entry
- https://wpvulndb.com/vulnerabilities/9139Third Party Advisory
- http://packetstormsecurity.com/files/149981/WordPress-Arforms-3.5.1-Arbitrary-FiExploitThird Party AdvisoryVDB Entry
- https://wpvulndb.com/vulnerabilities/9139Third Party Advisory
FAQ
What is CVE-2018-15818?
CVE-2018-15818 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php.
How severe is CVE-2018-15818?
CVE-2018-15818 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-15818?
Check the references section above for vendor advisories and patch information. Affected products include: Reputeinfosystems Repute Arforms.