admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-30 10:10:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2022/CVE-2022-4101.md

19 lines
962 B
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2022-4101](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4101)
![](https://img.shields.io/static/v1?label=Product&message=Images%20Optimize%20and%20Upload%20CF7&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%200%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
### Description
The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack.
### POC
#### Reference
- https://wpscan.com/vulnerability/2ce4c837-c62c-41ac-95ca-54bb1a6d1eeb
Update CVE sources 2024-06-09 00:33
2024-06-09 00:33:16 +00:00
- https://wpscan.com/vulnerability/2ce4c837-c62c-41ac-95ca-54bb1a6d1eeb
Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
#### Github
- https://github.com/cyllective/CVEs
Reference in New Issue Copy Permalink