CVE-2021-24549
The AceIDE WordPress plugin through 2.6.2 does not sanitise or validate the user input which is appended to system paths before using it in various actions, such as to read arbitrary files from the server. This allows high privilege users such as administrator to access any file on the web server...
Path traversal
The AceIDE WordPress plugin through 2.6.2 does not sanitise or validate the user input which is appended to system paths before using it in various actions, such as to read arbitrary files from the server. This allows high privilege users such as administrator to access any file on the web server...
CVE-2021-24549 AceIDE <= 2.6.2 - Authenticated (admin+) Arbitrary File Access
The AceIDE WordPress plugin through 2.6.2 does not sanitise or validate the user input which is appended to system paths before using it in various actions, such as to read arbitrary files from the server. This allows high privilege users such as administrator to access any file on the web server...
CVE-2021-24549
The CVE concerns the WordPress plugin AceIDE (versions up to 2.6.2). The root cause is failure to sanitize/validate user input appended to system paths, enabling a path-traversal attack. Affected functionality includes actions such as reading server files via admin privileges. Exploitation requir...
WordPress Plugin AceIDE Path Traversal Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. A path traversal vulnerability exists in the Wordpress Plugin...
AceIDE <= 2.6.2 - Authenticated (admin+) Arbitrary File Access
The plugin does not sanitise or validate the user input which is appended to system paths before using it in various actions, such as to read arbitrary files from the server. This allows high privilege users such as administrator to access any file on the web server outside of the blog directory...
WordPress AceIDE plugin <= 2.6.2 - Authenticated Local File Inclusion vulnerability
Authenticated Local File Inclusion vulnerability discovered by Shreya Pohekar Codevigilant Project in WordPress AceIDE plugin versions <= 2.6.2. Solution: This plugin has been closed as of June 1, 2021 and is not available for download. Reason: Security Issue...