CVE-2020-12832

Опубликовано: 13 мая 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Высокий

Описание

WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input.

Ссылки

https://ctulhu.me/2020/05/16/cve-2020-12832/
https://plugins.trac.wordpress.org/changeset/2302759
Patch
Vendor Advisory
https://wordpress.org/plugins/simple-file-list/#developers
Release Notes
Vendor Advisory
https://ctulhu.me/2020/05/16/cve-2020-12832/
https://plugins.trac.wordpress.org/changeset/2302759
Patch
Vendor Advisory
https://wordpress.org/plugins/simple-file-list/#developers
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:simplefilelist:simple-file-list:*:*:*:*:*:wordpress:*:*

Версия до 4.2.8 (исключая)

EPSS

Процентиль: 99%

0.73101

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-h2cg-59q7-cp5x

github

больше 3 лет назад

The simple-file-list plugin before 4.2.8 for WordPress mishandles a .. sequence within a pathname in cases where front-side file management occurs on a non-Linux platform.