CVE-2022-0779
N/A
N/A
Summary
The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | User Meta – User Profile Builder and User management plugin | 2.4.4 < 2.4.4 | affected |
Weaknesses
- CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.