exploitDog

CVE-2021-24966

Опубликовано: 14 мар. 2022

Источник: nvd

CVSS3: 4.9

CVSS2: 4

EPSS Низкий

Описание

The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder

Ссылки

https://wpscan.com/vulnerability/166a4f88-4f0c-4bf4-b624-5e6a02e21fa0
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/166a4f88-4f0c-4bf4-b624-5e6a02e21fa0
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bestwebsoft:error_log_viewer:*:*:*:*:*:wordpress:*:*

Версия до 1.1.1 (включая)

EPSS

Процентиль: 89%

0.04253

Низкий

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-73

Связанные уязвимости

GHSA-6x4q-qqxj-h82w

CVSS3: 4.9

github

почти 4 года назад

The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder

EPSS

Процентиль: 89%

0.04253

Низкий

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-73