Lucene search
K

132 matches found

Cvelist
Cvelist
added 2024/10/12 6:51 a.m.41 views

CVE-2024-9047 WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php

The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfufiledownloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitatio...

9.8CVSS0.92319EPSS
Exploits4References2
Vulnrichment
Vulnrichment
added 2024/10/12 6:51 a.m.36 views

CVE-2024-9047 WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php

The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfufiledownloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitatio...

9.8CVSS9.4AI score0.92319EPSS
Exploits4References2
CVE
CVE
added 2024/10/12 6:51 a.m.231 views

CVE-2024-9047

CVE-2024-9047 affects the WordPress WordPress File Upload plugin up to version 4.24.11. The vulnerability is a path traversal in wfu_file_downloader.php that allows unauthenticated attackers to read or delete files outside the intended directory on WordPress sites running PHP 7.4 or earlier. Conn...

9.8CVSS9.4AI score0.92319EPSS
In wildExploits4References2Affected Software1
OSV
OSV
added 2024/09/16 10:36 a.m.35 views

RHSA-2023:2903 Red Hat Security Advisory: php:7.4 security update

Bulletin has no description...

8.1CVSS7.7AI score0.49336EPSS
Exploits7References33
OSV
OSV
added 2024/09/16 8:59 a.m.27 views

RHSA-2022:6541 Red Hat Security Advisory: php:7.4 security update

Bulletin has no description...

7.8CVSS7.7AI score0.84554EPSS
Exploits5References16
OSV
OSV
added 2024/09/16 8:59 a.m.15 views

RHSA-2022:6542 Red Hat Security Advisory: php:7.4 security update

Bulletin has no description...

7.8CVSS7.7AI score0.84554EPSS
Exploits5References16
OSV
OSV
added 2024/09/16 8:39 a.m.20 views

RHSA-2022:7628 Red Hat Security Advisory: php:7.4 security, bug fix, and enhancement update

Bulletin has no description...

9.8CVSS7.6AI score0.73377EPSS
Exploits2References18
OSV
OSV
added 2024/09/13 10:48 p.m.17 views

RHSA-2022:1935 Red Hat Security Advisory: php:7.4 security update

Bulletin has no description...

6.4CVSS6.7AI score0.01945EPSS
Exploits2References13
OSV
OSV
added 2024/09/13 9:2 p.m.12 views

RHSA-2022:6158 Red Hat Security Advisory: php:7.4 security update

Bulletin has no description...

7CVSS8.5AI score0.03437EPSS
Exploits1References8
OSV
OSV
added 2024/09/13 9:1 p.m.17 views

RHSA-2022:5467 Red Hat Security Advisory: php:7.4 security update

Bulletin has no description...

8.8CVSS8.9AI score0.5838EPSS
Exploits2References8
OSV
OSV
added 2024/09/13 9:1 p.m.17 views

RHSA-2022:5471 Red Hat Security Advisory: php:7.4 security update

Bulletin has no description...

8.8CVSS8.9AI score0.5838EPSS
Exploits2References8
CVE
CVE
added 2023/12/23 1:59 a.m.61 views

CVE-2023-6971

The Backup Migration plugin for WordPress (versions 1.0.8–1.3.9) is affected by CVE-2023-6971 due to a Remote File Inclusion via the content-dir header, enabling unauthenticated code execution when PHP is configured with allow_url_include=-on. The issue is exploitable under specific PHP configura...

9.8CVSS9.7AI score0.06419EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/12/23 1:59 a.m.22 views

CVE-2023-6971

The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of...

8.1CVSS9.9AI score0.06419EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2023/12/22 12:0 a.m.21 views

Backup Migration 1.0.8 - 1.3.9 - Remote File Inclusion via content-dir

Description The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful...

9.8CVSS7.6AI score0.06419EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/12/13 7:15 p.m.22 views

Design/Logic Flaw

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document. Version 10.0.11 contains a patch for the issue...

7.5CVSS8.2AI score0.01259EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/12/13 6:25 p.m.23 views

CVE-2023-46726 GLPI Remote code execution from LDAP server configuration form on PHP 7.4

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document. Version 10.0.11 contains a patch for the issue...

7.2CVSS10AI score0.01259EPSS
Exploits0References3
CVE
CVE
added 2023/12/13 6:25 p.m.45 views

CVE-2023-46726

GLPI (free IT Asset Management) versions before 10.0.11 on PHP 7.4 are affected by CVE-2023-46726: LDAP server configuration form can be abused to execute arbitrary code uploaded as a GLPI document. Version 10.0.11 includes a patch. Remediation is to upgrade to a version containing the fix (per t...

9.8CVSS8.8AI score0.01259EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/12/13 6:25 p.m.23 views

CVE-2023-46726 GLPI Remote code execution from LDAP server configuration form on PHP 7.4

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document. Version 10.0.11 contains a patch for the issue...

7.2CVSS9.6AI score0.01259EPSS
Exploits0References5
FreeBSD
FreeBSD
added 2023/12/13 12:0 a.m.32 views

GLPI -- multiple vulnerabilities

GLPI team reports: GLPI 10.0.11 Changelog SECURITY - moderate Authenticated SQL Injection CVE-2023-43813 SECURITY - high SQL injection through inventory agent request CVE-2023-46727 SECURITY - high Remote code execution from LDAP server configuration form on PHP 7.4 CVE-2023-46726...

9.8CVSS9.5AI score0.67107EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.34 views

Rocky Linux 8 : php:7.4 (RLSA-2022:6158)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:6158 advisory. - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the...

8.1CVSS8AI score0.03437EPSS
Exploits1References3
Rows per page
Query Builder