Описание
The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.2 (исключая)
cpe:2.3:a:bestwebsoft:error_log_viewer:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 45%
0.00226
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-22
CWE-22
Связанные уязвимости
CVSS3: 6.5
github
около 4 лет назад
The Error Log Viewer WordPress plugin through 1.1.1 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server.
EPSS
Процентиль: 45%
0.00226
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-22
CWE-22