CVE-2020-24142 – Video Downloader for TikTok < 1.4 - Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2020-24142
13 Apr 2021 — Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports and local network hosts, and execute commands on services. • https://github.com/secwx/research/blob/main/cve/CVE-2020-24142.md • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2020-24143 – Video Downloader for TikTok < 1.4 - Directory Traversal
https://notcve.org/view.php?id=CVE-2020-24143
13 Apr 2021 — Directory traversal in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter. • https://github.com/secwx/research/blob/main/cve/CVE-2020-24143.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')