Lucene search

[email protected]NVD:CVE-2024-43955

HistoryAug 29, 2024 - 4:15 p.m.

CVE-2024-43955

2024-08-2916:15:09

CWE-22

[email protected]

web.nvd.nist.gov

cve-2024-43955

path traversal

file manipulation

themeum droip

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

18.3%

JSON

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Themeum Droip allows File Manipulation.This issue affects Droip: from n/a through 1.1.1.

Affected configurations

Nvd

Node

themeumdroipRange≤1.1.1wordpress

VendorProductVersionCPE
themeumdroip*cpe:2.3:a:themeum:droip:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
themeum	droip	*	cpe:2.3:a:themeum:droip::::::wordpress::*

References

patchstack.com/database/vulnerability/droip/wordpress-droip-plugin-1-1-1-unauthenticated-arbitrary-file-download-deletion-vulnerability?_s_id=cve

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

18.3%

JSON

Related for NVD:CVE-2024-43955

cvelist1 cve1 vulnrichment1 wordfence1