2 matches found
CVE-2021-24549
The CVE concerns the WordPress plugin AceIDE (versions up to 2.6.2). The root cause is failure to sanitize/validate user input appended to system paths, enabling a path-traversal attack. Affected functionality includes actions such as reading server files via admin privileges. Exploitation requir...
CVE-2021-24549 AceIDE <= 2.6.2 - Authenticated (admin+) Arbitrary File Access
The AceIDE WordPress plugin through 2.6.2 does not sanitise or validate the user input which is appended to system paths before using it in various actions, such as to read arbitrary files from the server. This allows high privilege users such as administrator to access any file on the web server...