CVE-2021-24966

Exploit

EPSS 4.25%
Veröffentlicht 14.03.2022 15:15:08
Zuletzt bearbeitet 21.11.2024 05:54:06
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Error Log Viewer <= 1.1.1 - Arbitrary File Deletion

The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder

Mögliche Gegenmaßnahme

Error Log Viewer by BestWebSoft: Update to version 1.1.2, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Error Log Viewer by BestWebSoft

Version *-1.1.1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bestwebsoft ≫ Error Log Viewer SwPlatformwordpress Version <= 1.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.25%	0.883

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

CWE-73 External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

https://wpscan.com/vulnerability/166a4f88-4f0c-4bf4-b624-5e6a02e21fa0

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/37bfc71f-e1f9-4374-ab65-9b1c321ff386

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-24966

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-24966

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-24966

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-24966