CVE-2020-36728

Exploit

EPSS 3.16%
Veröffentlicht 07.06.2023 13:15:09
Zuletzt bearbeitet 08.04.2026 19:17:36
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Adning Advertising <= 1.5.5 - Unauthenticated Arbitrary File Deletion via Path Traversal

The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files which can be used to reset and gain full control of a site.

Mögliche Gegenmaßnahme

Adning Advertising: Update to version 1.5.6, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tunasite ≫ Adning Advertising SwPlatformwordpress Version < 1.5.6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Adning Advertising

Version *-1.5.5

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.16%	0.863

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security@wordfence.com	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild/

Third Party Advisory

https://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693

Product

https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/e7506429-7f8a-45b5-b1b0-6fdb39599ee5?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/e7506429-7f8a-45b5-b1b0-6fdb39599ee5

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-36728

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-36728

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-36728

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-36728