4 matches found
CVE-2024-32807
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Brevo Sendinblue for WooCommerce allows Relative Path Traversal, Manipulating Web Input to File System Calls.This issue affects Sendinblue for WooCommerce: from n/a through 4.0.17...
CVE-2024-32807 WordPress Brevo for WooCommerce plugin <= 4.0.17 - Arbitrary File Download and Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Brevo Sendinblue for WooCommerce allows Relative Path Traversal, Manipulating Web Input to File System Calls.This issue affects Sendinblue for WooCommerce: from n/a through 4.0.17...
CVE-2024-32807
CVE-2024-32807 affects Brevo (Sendinblue) for WooCommerce up to version 4.0.17. It is described as a Path Traversal vulnerability that could enable manipulation of input to file-system calls, with the Wordfence entry noting an Authenticated (Editor+) path to Arbitrary File Download and Deletion. ...
WordPress Sendinblue for WooCommerce Plugin <= 4.0.17 is vulnerable to Arbitrary File Download
Software Sendinblue for WooCommerce Type Plugin Vulnerable versions = 4.0.17 Fixed in 4.0.18 OWASP Top 10 A4: Insecure Design Classification Arbitrary File Download CVE CVE-2024-32807 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 1a6d8c4d6ed3 Credits Yudistira Arya...