CVE-2020-36728

Опубликовано: 07 июн. 2023

Источник: nvd

CVSS3: 6.5

CVSS3: 9.8

EPSS Высокий

Описание

The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files which can be used to reset and gain full control of a site.

Ссылки

https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild/
Third Party Advisory
https://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693
Product
https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/
Exploit
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/e7506429-7f8a-45b5-b1b0-6fdb39599ee5?source=cve
Third Party Advisory
https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild/
Third Party Advisory
https://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693
Product
https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/
Exploit
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/e7506429-7f8a-45b5-b1b0-6fdb39599ee5?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tunasite:adning_advertising:*:*:*:*:*:wordpress:*:*

Версия до 1.5.6 (исключая)

EPSS

Процентиль: 99%

0.79365

Высокий

6.5 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

Связанные уязвимости

GHSA-52gj-66p3-r6v6

CVSS3: 6.5

github

больше 2 лет назад

EPSS

Процентиль: 99%

0.79365

Высокий

6.5 Medium

CVSS3

9.8 Critical

CVSS3