CVE-2021-24966

Published: Mar 14, 2022Modified: Nov 21, 2024

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder

Affected (1)

Products: Bestwebsoft: Error Log Viewer

Bestwebsoft

1 product

Error Log Viewer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Bestwebsoft Error Log Viewer	Up to 1.1.1

Related CWEs

CWE-73

External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

References (2)

https://wpscan.com/vulnerability/166a4f88-4f0c-4bf4-b624-5e6a02e21fa0

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/166a4f88-4f0c-4bf4-b624-5e6a02e21fa0

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.