CVE-2016-0796

Exploit

EPSS 0.57%
Veröffentlicht 28.07.2022 17:15:07
Zuletzt bearbeitet 21.11.2024 02:42:24
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

mb.miniAudioPlayer <= 1.7.6 - Multiple Vulnerabilities

WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files is prone to multiple vulnerabilities, including open proxy and security bypass vulnerabilities because it fails to properly verify user-supplied input. An attacker may leverage these issues to hide attacks directed at a target site from behind vulnerable website or to perform otherwise restricted actions and subsequently download files with the extension mp3, mp4a, wav and ogg from anywhere the web server application has read access to the system. WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files version 1.7.6 is vulnerable; prior versions may also be affected.

Mögliche Gegenmaßnahme

mb.miniAudioPlayer – an HTML5 audio player for your mp3 files: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt mb.miniAudioPlayer – an HTML5 audio player for your mp3 files

Version *-1.7.6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mb.Miniaudioplayer Project ≫ Mb.Miniaudioplayer SwPlatformwordpress Version <= 1.7.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.57%	0.678

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-610 Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

http://www.vapidlabs.com/advisory.php?v=162

Third Party Advisory

Exploit

https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-mb-miniaudioplayer-an-html5-audio-player-for-your-mp3-files-multiple-vulnerabilities-1-7-6/

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/381708ae-3180-4058-a6f4-e925bfc658ec

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-0796

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-0796

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-0796

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2016-0796