exploitDog

CVE-2024-10708

Опубликовано: 10 дек. 2024

Источник: nvd

CVSS3: 4.9

EPSS Низкий

Описание

The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server

Ссылки

https://wpscan.com/vulnerability/61d750a5-8c2c-4c94-a1a9-6a254c2a0d03/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bowo:system_dashboard:*:*:*:*:*:wordpress:*:*

Версия до 2.8.15 (исключая)

EPSS

Процентиль: 89%

0.04834

Низкий

4.9 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-j3vp-3p2j-8q53

CVSS3: 4.9

github

около 1 года назад

The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server

EPSS

Процентиль: 89%

0.04834

Низкий

4.9 Medium

CVSS3

Дефекты

CWE-22