Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Contact Forms - Drag & Drop Contact Form Builder <= 1.0.5 - Admin+ Arbitrary System File Read
Vulnerability Description
The Contact Forms - Drag & Drop Contact Form Builder WordPress plugin through 1.0.5 allows high privilege users to download arbitrary files from the web server via a path traversal attack
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
WordPress plugin 路径遍历漏洞
Vulnerability Description
WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是WordPress开源的一个应用插件。 Wordpress Plugin Drag & Drop Contact Form 中存在路径遍历漏洞,该漏洞源于产品的文件下载功能未对特殊符号进行有效处理。攻击者可通过该漏洞下载任意文件。以下产品及版本受到影响:Wordpress Plugin Drag & Drop Contact Form
CVSS Information
N/A
Vulnerability Type
N/A