7.5
CVE-2018-7204
- EPSS 2.87%
- Veröffentlicht 07.03.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:11:47
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginBit File Manager <= 5.0.0 - Information Disclosure
inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to log.txt, which is not protected and contains database credentials, salts, etc. These files have been indexed by Google and a simple dork will find affected sites.
Mögliche Gegenmaßnahme
File Manager: Update to version 5.0.2, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Giribaz ≫ File Manager SwPlatformwordpress Version <= 5.0.0
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
File Manager
Version
*-5.0.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.87% | 0.85 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.
https://plugins.trac.wordpress.org/changeset/1823035/file-manager
https://wordpress.org/plugins/file-manager/#developers
https://wpvulndb.com/vulnerabilities/9036
https://www.wordfence.com/threat-intel/vulnerabilities/id/b0ae27c4-0381-4622-90e8-f4fee29767a3