3 matches found
CVE-2023-0156 All-In-One Security (AIOS) < 5.1.5 - Admin+ Arbitrary File/Folder Access via Traversal
The All-In-One Security AIOS WordPress plugin before 5.1.5 does not limit what log files to display in it's settings pages, allowing an authorized user admin+ to view the contents of arbitrary files and list directories anywhere on the server to which the web server has access. The plugin only...
CVE-2023-0156
The CVE concerns All-In-One Security (AIOS) WordPress plugin before v5.1.5. The issue permits an authorized admin+ user to view arbitrary server files and list directories via the plugin’s settings page, by bypassing limits on which log files are displayed. The impact is disclosure of file conten...
CVE-2023-0156 All-In-One Security (AIOS) < 5.1.5 - Admin+ Arbitrary File/Folder Access via Traversal
The All-In-One Security AIOS WordPress plugin before 5.1.5 does not limit what log files to display in it's settings pages, allowing an authorized user admin+ to view the contents of arbitrary files and list directories anywhere on the server to which the web server has access. The plugin only...