Описание
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive files such as wp-config.php
Ссылки
- Patch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.9.8.1 (включая)
cpe:2.3:a:vasyltech:advanced_access_manager:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 97%
0.3958
Средний
9.8 Critical
CVSS3
7.5 High
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 9.8
github
больше 1 года назад
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive files such as wp-config.php
EPSS
Процентиль: 97%
0.3958
Средний
9.8 Critical
CVSS3
7.5 High
CVSS3
Дефекты
CWE-22