Vulnerability Information
Vulnerability Title
WordPress Download Monitor plugin <= 4.4.6 - Authenticated Arbitrary File Download vulnerability
Vulnerability Description
An authenticated (admin+) arbitrary file download vulnerability was discovered in the Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via data supplied in the &downloadable_file_urls[0] parameter. It is also possible to escape from the web server home directory and download any file within the OS.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
WordPress and WordPress plugin information disclosure vulnerability
Vulnerability Description
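WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. File Upload is a file upload plugin used with it. WordPress plugin is an application plugin. The WordPress Download Monitor plugin, version 4.4.6 and earlier, contains an information disclosure vulnerability that allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the downloadable_file_urls[0] parameter. It is also possible to escape from the web server's home directory and download any file in the operating system.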
CVSS Information
N/A
Vulnerability Type
N/A