Description
The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server.
References
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: Version before 1.10.0 (exclusive)
cpe:2.3:a:lana:lana_downloads_manager:*:*:*:*:*:wordpress:*:*
EPSS
Percentile: 54%
0.00308
Low
4.1 Medium
CVSS3
Weaknesses
CWE-22
Related vulnerabilities
CVSS3: 4.1
github
10 months ago
The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server.