← volver
CVE-2019-25213

Advanced Access Manager <= 5.9.8.1 - Unauthenticated Arbitrary File Read

CVSS 9.8 CRITICALEPSS 2.7%CWE-22
Vexday Risk Score
43Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 9.8EPSS 2.7%KEV nãoPoC Nuclei simMetasploit Patch
Ciclo de vida
16 oct 2024Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive files such as wp-config.php
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
vasyltech · Advanced Access Manager – Access Governance for WordPress

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://plugins.trac.wordpress.org/changeset/2098838/advanced-access-manager/trunk/application/Core/Media.php?old=2151316&old_path=advanced-access-manager%2Ftrunk%2Fapplication%2FCore%2FMedia.phphttps://www.wordfence.com/threat-intel/vulnerabilities/id/55e0f0df-7be2-4e18-988c-2cc558768eff?source=cve