CVE-2022-2926

The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:adobe:download_manager:*:*:*:*:*:*:*:*

History

28 Sep 2022, 16:30

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.9
References (MISC) https://wpscan.com/vulnerability/2a440e1a-a7e4-4106-839a-d93895e16785 - (MISC) https://wpscan.com/vulnerability/2a440e1a-a7e4-4106-839a-d93895e16785 - Exploit, Third Party Advisory
First Time Adobe download Manager
Adobe
CPE cpe:2.3:a:adobe:download_manager:*:*:*:*:*:*:*:*

26 Sep 2022, 13:18

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-26 13:15

Updated : 2023-12-10 14:35


NVD link : CVE-2022-2926

Mitre link : CVE-2022-2926

CVE.ORG link : CVE-2022-2926


JSON object : View

Products Affected

adobe

  • download_manager
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')