Lucene search

[email protected]CVE-2021-39316

HistoryAug 31, 2021 - 12:15 p.m.

CVE-2021-39316

2021-08-3112:15:00

CWE-552

CWE-22

[email protected]

web.nvd.nist.gov

zoomsounds

wordpress

cve-2021-39316

security

vulnerability

file download

directory traversal

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.361 Low

EPSS

Percentile

97.1%

JSON

The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the dzsap_download action using directory traversal in the link parameter.

CPENameOperatorVersion
digitalzoomstudio:zoomsoundsdigitalzoomstudio zoomsoundsle6.45

CPE	Name	Operator	Version
digitalzoomstudio:zoomsounds	digitalzoomstudio zoomsounds	le	6.45

References

packetstormsecurity.com/files/165146/WordPress-DZS-Zoomsounds-6.45-Arbitrary-File-Read.html

www.wordfence.com/vulnerability-advisories/#CVE-2021-39316

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.361 Low

EPSS

Percentile

97.1%

JSON

Related for CVE-2021-39316

wpvulndb1 dsquare1 packetstorm1 prion1 zdt1 patchstack1 nuclei1 exploitdb1