7.5

CVE-2021-24695

Exploit

Simple Download Monitor < 3.9.6 - Unauthenticated Log Access

Simple Download Monitor <= 3.9.5 - Sensitive Data Exposure

The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location and does not have any authentication or authorisation in place to prevent unauthenticated users from downloading and reading the logs, which contain sensitive information such as IP addresses and usernames.
Possible mitigation
Simple Download Monitor: Update to version 3.9.6, or a newer patched version
Data provided by the National Vulnerability Database (NVD)
Tipsandtricks-hq Simple Download Monitor, SwPlatform: wordpress, Version: < 3.9.5
Additional vulnerability information
System: WordPress Plugin
Product: Simple Download Monitor
Version: [*, 3.9.6)
No warning was found for this CVE.
EPSS metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 1.63% | 0.73
CVSS metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-425 Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

https://wpscan.com/vulnerability/d7bdaf2b-cdd9-4aee-b1bb-01728160ff25 (Third Party Advisory, Exploit)
https://www.wordfence.com/threat-intel/vulnerabilities/id/43f38a87-ac2c-4b5a-9559-d529c4b2799c (Third Party Advisory)