Lucene search
+L

4 matches found

NVD
NVD
added 2024/05/06 6:15 p.m.17 views

CVE-2024-32807

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Brevo Sendinblue for WooCommerce allows Relative Path Traversal, Manipulating Web Input to File System Calls.This issue affects Sendinblue for WooCommerce: from n/a through 4.0.17...

8.5CVSS8.4AI score0.00647EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/06 5:44 p.m.17 views

CVE-2024-32807 WordPress Brevo for WooCommerce plugin <= 4.0.17 - Arbitrary File Download and Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Brevo Sendinblue for WooCommerce allows Relative Path Traversal, Manipulating Web Input to File System Calls.This issue affects Sendinblue for WooCommerce: from n/a through 4.0.17...

8.5CVSS6.8AI score0.00647EPSS
Exploits0References1
CVE
CVE
added 2024/05/06 5:44 p.m.79 views

CVE-2024-32807

CVE-2024-32807 affects Brevo (Sendinblue) for WooCommerce up to version 4.0.17. It is described as a Path Traversal vulnerability that could enable manipulation of input to file-system calls, with the Wordfence entry noting an Authenticated (Editor+) path to Arbitrary File Download and Deletion. ...

8.5CVSS6.7AI score0.00647EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/04/22 12:0 a.m.13 views

WordPress Sendinblue for WooCommerce Plugin <= 4.0.17 is vulnerable to Arbitrary File Download

Software Sendinblue for WooCommerce Type Plugin Vulnerable versions = 4.0.17 Fixed in 4.0.18 OWASP Top 10 A4: Insecure Design Classification Arbitrary File Download CVE CVE-2024-32807 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 1a6d8c4d6ed3 Credits Yudistira Arya...

8.5CVSS6.5AI score0.00647EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder