Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
3DPrint < 3.5.6.9 - Arbitrary File and Directory Deletion via CSRF
Vulnerability Description
The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged in admin into submitting a form.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WordPress plugin 3dprint 安全漏洞
Vulnerability Description
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin 3dprint 3.5.6.9 版本之前存在安全漏洞,该漏洞源于插件中包含的 Tiny File Manager 的修改版本无法防止跨站请求伪造攻击,从而允许攻击者通过欺骗登录的管理员提交表单来制作恶意请求,删除目标服务器上的
CVSS Information
N/A
Vulnerability Type
N/A