Lucene search

[email protected]CVE-2014-9461

HistoryOct 03, 2022 - 4:20 p.m.

CVE-2014-9461

2022-10-0316:20:41

CWE-22

[email protected]

web.nvd.nist.gov

cve-2014-9461

directory traversal

cart66 lite plugin

wordpress

remote authenticated users

arbitrary files

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.6%

JSON

Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to read arbitrary files via a … (dot dot) in the member_download action to wp-admin/admin-ajax.php.

Affected configurations

NVD

Node

reality66cart66_liteRange≤1.5.3wordpress

CPENameOperatorVersion
reality66:cart66_litereality66 cart66 litele1.5.3

CPE	Name	Operator	Version
reality66:cart66_lite	reality66 cart66 lite	le	1.5.3

References

plugins.trac.wordpress.org/changeset/1052064/cart66-lite

research.g0blin.co.uk/g0blin-00021/

wordpress.org/plugins/cart66-lite/changelog/

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.6%

JSON

Related for CVE-2014-9461

wpvulndb1 prion1 patchstack1 nvd1 cvelist1