Vulnerability Name: | CVE-2022-2926 (CCN-237665) | ||||||||||||
Assigned: | 2022-09-05 | ||||||||||||
Published: | 2022-09-05 | ||||||||||||
Updated: | 2022-09-28 | ||||||||||||
Summary: | The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory | ||||||||||||
CVSS v3 Severity: | 4.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N) 4.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
4.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N)
| ||||||||||||
Vulnerability Type: | CWE-22 | ||||||||||||
Vulnerability Consequences: | Obtain Information | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2022-2926 Source: XF Type: UNKNOWN downloadmanager-cve20222926-dir-trav(237665) Source: CCN Type: WordPress Plugin Directory Download Manager Source: CCN Type: WPScan Web site Download Manager < 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal Source: MISC Type: Exploit, Third Party Advisory https://wpscan.com/vulnerability/2a440e1a-a7e4-4106-839a-d93895e16785 | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
BACK |