WordPress Narnoo Distributor <=2.5.1 - Local File Inclusion

WordPress Narnoo Distributor plugin 2.5.1 and prior is susceptible to local file inclusion. The plugin does not validate and sanitize the libpath parameter before being passed into a call to require via the narnoodistributorlibrequest AJAX action, and the content of the file is displayed in the...

CVE-2022-0679

The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the libpath parameter before it is passed into a call to require via the narnoodistributorlibrequest AJAX action available to both unauthenticated and authenticated users which results in the disclosure of...

VulnCheck KEV: CVE-2022-0679

The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the libpath parameter before it is passed into a call to require via the narnoodistributorlibrequest AJAX action available to both unauthenticated and authenticated users which results in the disclosure...

WordPress Narnoo Distributor plugin path traversal vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress plugin is a WordPress open source application plugin . A path traversal vulnerability exists in WordPress Narnoo...

CVE-2022-0679

The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the libpath parameter before it is passed into a call to require via the narnoodistributorlibrequest AJAX action available to both unauthenticated and authenticated users which results in the disclosure of...

CVE-2022-0679

The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the libpath parameter before it is passed into a call to require via the narnoodistributorlibrequest AJAX action available to both unauthenticated and authenticated users which results in the disclosure of...

CVE-2022-0679

The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the libpath parameter before it is passed into a call to require via the narnoodistributorlibrequest AJAX action available to both unauthenticated and authenticated users which results in the disclosure of...

Design/Logic Flaw

The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the libpath parameter before it is passed into a call to require via the narnoodistributorlibrequest AJAX action available to both unauthenticated and authenticated users which results in the disclosure of...

CVE-2022-0679

CVE-2022-0679 affects the WordPress Narnoo Distributor plugin (versions = 2.5.2) or apply vendor-provided patches. If upgrading is not possible, mitigate where feasible by reviewing the handling of lib_path, access controls for the AJAX action, and server file permissions. This CVE description is...

WordPress plugin Narnoo Distributor 路径遍历漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress plugin is a WordPress open source application plugin . A path traversal vulnerability exists in WordPress Narnoo...

PT-2022-13353

Name of the Vulnerable Software and Affected Versions Narnoo Distributor WordPress plugin versions 2.5.1 and earlier Description The issue arises from the failure to validate and sanitize the lib path parameter, which is then passed into a call to require via the "narnoo distributor lib request"...

Narnoo Distributor <= 2.5.1 - Unauthenticated LFI to Arbitrary File Read / RCE

The plugin fails to validate and sanitize the libpath parameter before it is passed into a call to require via the narnoodistributorlibrequest AJAX action available to both unauthenticated and authenticated users which results in the disclosure of arbitrary files as the content of the file is the...

WordPress Narnoo Distributor plugin <= 2.5.1 - Unauthenticated Local File Inclusion (LFI) vulnerability leading to Arbitrary File Read / RCE

Unauthenticated Local File Inclusion LFI vulnerability leading to Arbitrary File Read / RCE discovered by cydave in WordPress Narnoo Distributor plugin versions = 2.5.1. Solution Deactivate and delete. This plugin has been closed as of February 18, 2022 and is not available for download. This...