CVE-2018-5310

Опубликовано: 09 янв. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

In the "Media from FTP" plugin before 9.85 for WordPress, Directory Traversal exists via the searchdir parameter to the wp-admin/admin.php?page=mediafromftp-search-register URI.

Ссылки

https://github.com/d4wner/Vulnerabilities-Report/blob/master/media-from-ftp.md
Exploit
Third Party Advisory
https://wordpress.org/plugins/media-from-ftp/#developers
Product
Release Notes
https://wordpress.org/support/topic/any-directory-traversal-bugs-at-the-latest-version-of-media-from-ftp/
Broken Link
https://github.com/d4wner/Vulnerabilities-Report/blob/master/media-from-ftp.md
Exploit
Third Party Advisory
https://wordpress.org/plugins/media-from-ftp/#developers
Product
Release Notes
https://wordpress.org/support/topic/any-directory-traversal-bugs-at-the-latest-version-of-media-from-ftp/
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:media_from_ftp_project:media_from_ftp:*:*:*:*:*:wordpress:*:*

Версия до 9.85 (исключая)

EPSS

Процентиль: 68%

0.0058

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-gr39-96qx-fw82