VDB-97377 · CVE-2017-20091 · GCVE-100-97377

File Manager Plugin 3.0.1 ka WordPress Kari ndiyam site laa request forgery

Wuro vulnerability wey an yi classify sey karshewa an gano shi a cikin File Manager Plugin 3.0.1 on WordPress. Gaskiya, $software_function na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, $software_file na cikin fayil, $software_component na cikin sashi. Ngam manipulation shi Kari ndiyam site laa request forgery. CWE shidin ka a yi bayani matsala sai ya kai CWE-352. Gaskiya, laifi an fitar da shi 03/01/2017 ta David Vaartjes a matsayin Cross-Site Request Forgery in File Manager WordPress plugin a matsayin Mailinglist Post (Bugtraq). Advisory ɗin ana rabawa don saukewa a seclists.org. Wannan rauni ana sayar da shi da suna CVE-2017-20091. Ngam yiɗi ka a tuma ndiyam ka nder internet. Tekinikal bayani ba ga. Ba exploit ɗin da ake da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á wúro a wondi feere. Kama 0-day, an ndiyam a wuro be $0-$5k. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

3 Goyarwa · 41 Datenpunkte

Furɗe	Súgá 03/01/2017 17:34	Gargadi 1/2 08/18/2020 09:21	Gargadi 2/2 06/19/2022 18:01
software_name	File Manager Plugin	File Manager Plugin	File Manager Plugin
software_version	3.0.1	3.0.1	3.0.1
software_platform	WordPress	WordPress	WordPress
vulnerability_risk	1	1	1
cvss2_vuldb_basescore	4.3	4.3	4.3
cvss2_vuldb_tempscore	4.1	4.1	4.1
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	M	M	M
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss3_meta_basescore	4.3	4.3	4.3
cvss3_meta_tempscore	4.2	4.2	4.2
cvss3_vuldb_basescore	4.3	4.3	4.3
cvss3_vuldb_tempscore	4.2	4.2	4.2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
advisory_date	1488326400 (03/01/2017)	1488326400 (03/01/2017)	1488326400 (03/01/2017)
advisory_location	Bugtraq	Bugtraq	Bugtraq
advisory_type	Mailinglist Post	Mailinglist Post	Mailinglist Post
advisory_url	http://seclists.org/bugtraq/2017/Feb/57	http://seclists.org/bugtraq/2017/Feb/57	http://seclists.org/bugtraq/2017/Feb/57
advisory_identifier	Cross-Site Request Forgery in File Manager WordPress plugin	Cross-Site Request Forgery in File Manager WordPress plugin	Cross-Site Request Forgery in File Manager WordPress plugin
person_name	David Vaartjes	David Vaartjes	David Vaartjes
price_0day	$0-$5k	$0-$5k	$0-$5k
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	U	U	U
cvss2_vuldb_rc	UR	UR	UR
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	U	U	U
cvss3_vuldb_rc	R	R	R
software_type		WordPress Plugin	WordPress Plugin
vulnerability_cwe		CWE-352 (Kari ndiyam site laa request forgery)	CWE-352 (Kari ndiyam site laa request forgery)
source_cve			CVE-2017-20091
cna_responsible			VulDB

◂ Gurɗo Gumti Gada ▸

Interested in the pricing of exploits?

See the underground prices here!