Path traversal vulnerability exists in Download Plugins and Themes from Dashboard versions prior to 1.8.6. If this vulnerability is exploited, a remote authenticated attacker with "switch_themes" privilege may obtain arbitrary files on the server.
Metrics
Affected Vendors & Products
References
History
Mon, 12 Aug 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-22 | |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: jpcert
Published: 2024-05-22T05:30:33.065Z
Updated: 2024-08-12T15:53:54.079Z
Reserved: 2024-05-10T01:34:22.893Z
Link: CVE-2024-35162
Vulnrichment
Updated: 2024-08-02T03:07:46.508Z
NVD
Status : Awaiting Analysis
Published: 2024-05-22T06:15:12.570
Modified: 2024-08-12T16:35:03.640
Link: CVE-2024-35162
Redhat
No data.