CVE-2022-2392 - OpenCVE

The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Lana	Lana Downloads Manager

Configuration 1 [-]

cpe:2.3:a:lana:lana_downloads_manager:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://wpscan.com/vulnerability/5001ed18-858e-4c9d-9d7b-a1305fcdf61b	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: WPScan

Published: 2022-08-22T15:03:01

Updated: 2022-08-22T15:03:01

Reserved: 2022-07-12T00:00:00

Link: CVE-2022-2392

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-08-22T15:15:15.013

Modified: 2022-08-25T02:53:38.237

Link: CVE-2022-2392

JSON object: View

Redhat Information

No data.

CWE

CWE-552

{"containers": {"cna": {"affected": [{"product": "Lana Downloads Manager", "vendor": "Unknown", "versions": [{"lessThan": "1.8.0", "status": "affected", "version": "1.8.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Raad Haddad"}], "descriptions": [{"lang": "en", "value": "The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with \"Contributor\" permissions or higher."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-552", "description": "CWE-552 Files or Directories Accessible to External Parties", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-22T15:03:01", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/5001ed18-858e-4c9d-9d7b-a1305fcdf61b"}], "source": {"discovery": "EXTERNAL"}, "title": "Lana Downloads Manager < 1.8.0 - Contributor+ Arbitrary File Download", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2022-2392", "STATE": "PUBLIC", "TITLE": "Lana Downloads Manager < 1.8.0 - Contributor+ Arbitrary File Download"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Lana Downloads Manager", "version": {"version_data": [{"version_affected": "<", "version_name": "1.8.0", "version_value": "1.8.0"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Raad Haddad"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with \"Contributor\" permissions or higher."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-552 Files or Directories Accessible to External Parties"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/5001ed18-858e-4c9d-9d7b-a1305fcdf61b", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/5001ed18-858e-4c9d-9d7b-a1305fcdf61b"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-2392", "datePublished": "2022-08-22T15:03:01", "dateReserved": "2022-07-12T00:00:00", "dateUpdated": "2022-08-22T15:03:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}