4 matches found
PT-2025-33508
Name of the Vulnerable Software and Affected Versions: go-getter versions prior to 1.7.9 Description: The go-getter library subdirectory download feature is susceptible to symlink attacks, potentially allowing unauthorized read access beyond the intended directory boundaries. Recommendations:...
HashiCorp go-getter Security Vulnerability
HashiCorp go-getter is a Go (golang) library from HashiCorp, Inc. for downloading files or directories from various sources using URLs as the primary form of input. A security vulnerability exists in HashiCorp go-getter versions prior to 1.7.9, which stems from a symbolic link attack and could...
WordPress Plugin Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. A cross-site request forgery vulnerability...
PT-2021-16264
Name of the Vulnerable Software and Affected Versions: The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin versions prior to 1.7.9 Description: The issue concerns a lack of CSRF check when deleting logs, which could allow an attacker to make a logged-in admin delete...