4 matches found
CVE-2024-4388
This does not validate a path generated with user input when downloading files, allowing unauthenticated user to download arbitrary files from the server...
CVE-2024-4388 CAS <= 1.0.0 - Unauthenticated Arbitrary File Access
This does not validate a path generated with user input when downloading files, allowing unauthenticated user to download arbitrary files from the server...
CVE-2024-4388 CAS <= 1.0.0 - Unauthenticated Arbitrary File Access
This does not validate a path generated with user input when downloading files, allowing unauthenticated user to download arbitrary files from the server...
CVE-2024-4388
CVE-2024-4388 affects the WordPress CAS plugin (versions <= 1.0.0). The vulnerability arises from a failure to validate a user-supplied path when downloading files, enabling an unauthenticated attacker to download arbitrary server files via endpoints like download.php?path=.... Several connect...