Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
KIWIZ Invoices Certification & PDF System <= 2.1.3 - Unauthenticated Arbitrary File Download
Vulnerability Description
The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization (assuming they can upload a file on the server)
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WordPress plugin KIWIZ Invoices Certification & PDF System 安全漏洞
Vulnerability Description
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin KIWIZ Invoices Certification & PDF System 2.1.3 版本及之前版本存在安全漏洞,该漏洞源于不验证要下载的文件的路径,这可能允许未经身份验证的攻击者读取/下载任意文件,以及执行 PHA
CVSS Information
N/A
Vulnerability Type
N/A