CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2019-16902 – ARforms <= 3.7.1 - Unauthenticated Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2019-16902
In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname. En el plugin Arforms versión 3.7.1 para WordPress, la función arf_delete_file en el archivo arformcontroller.php permite la eliminación no autenticada de un archivo arbitrario mediante el suministro del nombre de ruta completo. • https://www.exploit-db.com/exploits/47443 http://almorabea.net/cve-2019-16902.txt https://www.arformsplugin.com/documentation/changelog • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-15818 – Repute ARForms <= 3.5.1 - Unauthenticated Arbitrary File Deletion via Path Traversal
https://notcve.org/view.php?id=CVE-2018-15818
An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker is able to delete any file on the server with web server privileges by sending a malicious request to admin-ajax.php. Se ha descubierto un problema en Repute ARForms, en versiones 3.5.1 y anteriores. Un atacante puede eliminar cualquier archivo en el servidor con privilegios del servidor web mediante el envío de una petición maliciosa a admin-ajax.php. WordPress Arforms plugin versions 3.5.1 and below suffer from an arbitrary file deletion vulnerability. • http://packetstormsecurity.com/files/149981/WordPress-Arforms-3.5.1-Arbitrary-File-Delete.html https://wpvulndb.com/vulnerabilities/9139 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •