4 matches found
CVE-2024-6854
CVE-2024-6854 affects h2oai/h2o-3 (v3.46.0). The export-model endpoint does not restrict the destination path, enabling an attacker to export a model to arbitrary locations on the server’s filesystem and overwrite files. The overwrite target content is not controllable by the attacker, but the at...
Ghost Plugin <= 0.5.5 - Unrestricted Export Download
The Ghost WordPress plugin was affected by an Unrestricted Export Download security vulnerability...
WordPress Ghost 0.5.5 Plugin - Unrestricted Export Download
Exploit for php platform in category web applications Exploit Title: WordPress Export to Ghost Unrestricted Export Download Software Link: https://wordpress.org/plugins/ghost Exploit Author: Josh Brody Contact: http://twitter.com/joshmn Website: http://josh.mn/ Category: webapps 1. Description An...
WordPress Ghost Plugin 0.5.5 - Unrestricted Export Download
Because of this vulnerability, anyone can download the Ghost Export file from the website, because an admin user is not correctly checked. Solution Update the plugin...