CVE-2022-1119

The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls which makes it possible unauthenticated attackers to supply a path to a file that will subsequently be downloaded, in versions up to and including 3.2.7.
Configurations

Configuration 1

cpe:2.3:a:simplefilelist:simple-file-list:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-04-19 09:15

Updated : 2022-04-27 04:32


NVD link : CVE-2022-1119

Mitre link : CVE-2022-1119

Products Affected
No products.
CWE