The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.24.01.24 via the js/fallback.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
History

Wed, 13 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Sodahead
Sodahead luna Radio Player
CPEs cpe:2.3:a:sodahead:luna_radio_player:*:*:*:*:*:*:*:*
Vendors & Products Sodahead
Sodahead luna Radio Player
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 13 Nov 2024 03:45:00 +0000

Type Values Removed Values Added
Description The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.24.01.24 via the js/fallback.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Title LUNA RADIO PLAYER <= 6.24.01.24 - Unauthenticated Arbitrary File Read
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-11-13T03:30:10.803Z

Updated: 2024-11-13T15:36:51.266Z

Reserved: 2024-11-04T18:55:11.280Z

Link: CVE-2024-10816

cve-icon Vulnrichment

Updated: 2024-11-13T15:36:42.793Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-13T04:15:04.300

Modified: 2024-11-13T17:01:16.850

Link: CVE-2024-10816

cve-icon Redhat

No data.