Описание
The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'custom_log' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to view the contents of files outside of the originally intended directory.
Ссылки
EPSS
Процентиль: 15%
0.00049
Низкий
4.9 Medium
CVSS3
Дефекты
CWE-36
Связанные уязвимости
CVSS3: 4.9
github
5 месяцев назад
The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'custom_log' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to view the contents of files outside of the originally intended directory.
EPSS
Процентиль: 15%
0.00049
Низкий
4.9 Medium
CVSS3
Дефекты
CWE-36