The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/2a440e1a-a7e4-4106-839a-d93895e16785 | Exploit Third Party Advisory |
Configurations
History
28 Sep 2022, 16:30
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.9 |
References | (MISC) https://wpscan.com/vulnerability/2a440e1a-a7e4-4106-839a-d93895e16785 - Exploit, Third Party Advisory | |
First Time |
Adobe download Manager
Adobe |
|
CPE | cpe:2.3:a:adobe:download_manager:*:*:*:*:*:*:*:* |
26 Sep 2022, 13:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-26 13:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-2926
Mitre link : CVE-2022-2926
CVE.ORG link : CVE-2022-2926
JSON object : View
Products Affected
adobe
- download_manager
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')