Meta Box <= 5.11.1 - Authenticated (Contributor+) Arbitrary File Deletion

The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_delete_file' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

对路径名的限制不恰当(路径遍历)

WordPress plugin Meta Box 路径遍历漏洞

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress plugin Meta Box 5.11.1及之前版本存在路径遍历漏洞，该漏洞源于ajax_delete_file函数文件路径验证不足，可能导致具有贡献者及以上权限的攻击者删除服务器任意文件，进而导致远程代码执行。

N/A

N/A