CVE-2018-25437

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the download backup.php endpoint. Attackers can directly access the download backup.php script in the admin/data management directory to obtain ZIP archives containing the entire wp-content/themes directory contents.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2018-25437

Affected Products

Undefined

CVE-2018-25437

Weakness Enumeration

Related Identifiers

Affected Products

References · 4