The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not restrict which log files can be displayed in its settings pages, allowing an authorized user (admin+) to view the contents of arbitrary files and list directories anywhere on the server that the web server can access. The plugin only displays the last 50 lines of the file.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/caf1dbb5-197e-41e9-8f48-ba1f2360a759 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-04-10T13:17:59.914Z
Updated: 2023-04-10T13:17:59.914Z
Reserved: 2023-01-10T12:05:57.391Z
Link: CVE-2023-0156
NVD Information
Status: Modified
Published: 2023-04-10T14:15:08.100
Modified: 2023-11-07T03:59:45.747
Link: CVE-2023-0156
Redhat Information
No data.
CWE
No CWE.