← voltar
CVE-2019-25213

Advanced Access Manager <= 5.9.8.1 - Unauthenticated Arbitrary File Read

CVSS 9.8 CRITICALEPSS 2.7%CWE-22
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive files such as wp-config.php
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
vasyltech · Advanced Access Manager – Access Governance for WordPress

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://plugins.trac.wordpress.org/changeset/2098838/advanced-access-manager/trunk/application/Core/Media.php?old=2151316&old_path=advanced-access-manager%2Ftrunk%2Fapplication%2FCore%2FMedia.phphttps://www.wordfence.com/threat-intel/vulnerabilities/id/55e0f0df-7be2-4e18-988c-2cc558768eff?source=cve