Описание
The simple-file-list plugin before 4.2.8 for WordPress mishandles a .. sequence within a pathname in cases where front-side file management occurs on a non-Linux platform.
The simple-file-list plugin before 4.2.8 for WordPress mishandles a .. sequence within a pathname in cases where front-side file management occurs on a non-Linux platform.
EPSS
Процентиль: 99%
0.73101
Высокий
CVE ID
Связанные уязвимости
CVSS3: 9.8
nvd
больше 5 лет назад
WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input.
EPSS
Процентиль: 99%
0.73101
Высокий