Vulnerability Details CVE-2022-24984
Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow remote unauthenticated attackers to upload executable files and achieve remote code execution. This occurs because file-extension checks occur on the client side, and because not all executable content (e.g., .phtml or .php.bak) is blocked.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.024
EPSS Ranking 84.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 6.8
References
Products affected by CVE-2022-24984
-
cpe:2.3:a:jqueryform:jqueryform:*