PT-2018-18597 · WordPress · Wp Security Audit Log

Colette Chamberland

Publicado

2018-04-04

Atualizado

2018-05-11

CVE-2018-8719

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions WP Security Audit Log plugin version 3.1.1

Description An issue was discovered in the WP Security Audit Log plugin where access to files in the wp-content/uploads/wp-security-audit-log/* directory is not restricted. This allows these files to be indexed by search engines like Google, potentially exposing sensitive information to attackers.

Recommendations For WP Security Audit Log plugin version 3.1.1, consider restricting access to the wp-content/uploads/wp-security-audit-log/* directory to prevent sensitive information from being exposed.

Exploit

Correção

Insertion into Log File

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-532

Identificadores relacionados

CVE-2018-8719

Produtos afetados

Wp Security Audit Log

PT-2018-18597 · WordPress · Wp Security Audit Log

CVE-2018-8719

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3