The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high-privilege users to clear arbitrary files on the web server, including those outside of the blog folder.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/166a4f88-4f0c-4bf4-b624-5e6a02e21fa0 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-03-14T14:41:06
Updated: 2022-03-14T14:41:06
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24966
NVD Information
Status: Analyzed
Published: 2022-03-14T15:15:08.760
Modified: 2022-03-20T03:30:53.710
Link: CVE-2021-24966
Redhat Information
No data.
CWE