| |
Podatność CVE-2022-1560
Publikacja: 2022-05-16
Opis: |
The Amministrazione Aperta WordPress plugin through 3.7.3 does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory mentions that unauthenticated users can exploit this, however the affected file generates a fatal error when accessed directly and the affected code is not reached. The issue can be exploited via the dashboard when logged in as an admin, or by making a logged in admin open a malicious link |
Typ:
CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))
Referencje: |
https://wpscan.com/vulnerability/5c5fbbea-92d2-46bb-9a70-75155fffb6de
|
|
|
Copyright 2024, cxsecurity.com
|
|
|