{
  "schema_version": "1.4.0",
  "id": "GHSA-6c67-cppc-86v4",
  "modified": "2022-05-24T17:37:28Z",
  "published": "2022-05-24T17:37:28Z",
  "aliases": [
    "CVE-2020-35627"
  ],
  "details": "Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code. Once it contains the function \"Custom Gift Card Template\", the function of uploading a custom image is used, changing the name of the image extension to PHP and executing PHP code on the server.",
  "severity": [],
  "affected": [],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35627"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/bc0d3/cbc458f0fcbe0f897e529c7f3d77c9d6"
    },
    {
      "type": "WEB",
      "url": "https://makewebbetter.com/product/giftware-woocommerce-gift-cards"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-434"
    ],
    "severity": "HIGH",
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-28T15:15:00Z"
  }
}