CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 2

The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks.

The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.4.1.48 via the ShowFile function. This allows an administrator to view arbitrary files on the server.

• https://drive.google.com/file/d/1krgHH2NvVFr93VpErLkOjDV3L6M5yIA1/view?usp=sharing
• https://wpscan.com/vulnerability/df892e99-c0f6-42b8-a834-fc55d1bde130
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 2

The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code.

The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1.48 via easy-to-guess scan log file names. This makes it possible for unauthenticated attackers to extract sensitive data.

• https://drive.google.com/file/d/1w83xWsVLS_gCpQy4LDwbjNK9JaB87EEf/view?usp=sharing
• https://wpscan.com/vulnerability/64f2557f-c5e4-4779-9e28-911dfaf2dda5
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor