WPEX-ID: C14E1BA6-FC00-4150-B541-0D6740FEE4D2
Published: Dec 29, 2021 - 12:00 a.m.

Error Log Viewer < 1.1.2 - Arbitrary Text File Deletion via CSRF

2021-12-29 00:00:00
apple502j

EPSS: 0.001 (Low)
EPSS Percentile: 28.0%

The plugin does not perform a nonce check when deleting a log file and has no path traversal prevention, which could allow attackers to make a logged-in admin delete arbitrary text files on the web server.

On web servers other than Windows, the /wp-content/plugins/error-log-viewer/saved_logs/ folder must exist for the attack to be successful; on Windows servers there is no need for it.

To delete the readme.txt of the plugin: https://example.com/wp-admin/admin.php?page=rrrlgvwr-monitor.php&saved_logs_action=delete&rrrlgvwr_check_del=../readme
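A detection-side illustration, added here and not part of the WPScan advisory: a small Python scanner that flags access-log entries for the plugin's delete action whose rrrlgvwr_check_del value contains a traversal sequence. The log lines are constructed samples; the only plugin-specific values are the parameter names from the PoC URL above.

```python
import re
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample access-log lines (not from the advisory). Line 2 mirrors the
# PoC request, line 3 is a normal delete, line 4 uses percent-encoded traversal.
SAMPLE_LOG = """\
203.0.113.5 - - [29/Dec/2021:10:00:01 +0000] "GET /wp-admin/admin.php?page=rrrlgvwr-monitor.php HTTP/1.1" 200 512
203.0.113.5 - - [29/Dec/2021:10:00:07 +0000] "GET /wp-admin/admin.php?page=rrrlgvwr-monitor.php&saved_logs_action=delete&rrrlgvwr_check_del=../readme HTTP/1.1" 302 0
203.0.113.5 - - [29/Dec/2021:10:00:09 +0000] "GET /wp-admin/admin.php?page=rrrlgvwr-monitor.php&saved_logs_action=delete&rrrlgvwr_check_del=old-errors HTTP/1.1" 302 0
198.51.100.9 - - [29/Dec/2021:10:01:00 +0000] "GET /wp-admin/admin.php?page=rrrlgvwr-monitor.php&saved_logs_action=delete&rrrlgvwr_check_del=..%2F..%2Fwp-config HTTP/1.1" 302 0
"""

# Common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def is_traversal(name: str) -> bool:
    """A saved-log name should be a bare file name: any path separator or '..'
    (after percent-decoding twice, to catch double encoding) escapes the folder."""
    decoded = unquote(unquote(name))
    return "/" in decoded or "\\" in decoded or ".." in decoded


def classify(line: str):
    """Return details for a delete request to the plugin page, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    q = parse_qs(urlparse(m["target"]).query)
    if q.get("page") != ["rrrlgvwr-monitor.php"] or q.get("saved_logs_action") != ["delete"]:
        return None
    name = q.get("rrrlgvwr_check_del", [""])[0]
    # Because the request is forged through the admin's browser (CSRF), the
    # client IP is the admin's own; the Referer header, when logged, is the
    # better pivot for finding the page that triggered it.
    return {"ip": m["ip"], "ts": m["ts"], "name": name, "traversal": is_traversal(name)}


def find_suspicious_deletes(log_text: str):
    """All delete requests whose file name leaves the saved_logs folder."""
    return [r for r in map(classify, log_text.splitlines()) if r and r["traversal"]]
```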
