预约和活动日历 - Amelia <= 1.2 - 未经验证的完整路径披露 (CVE-2024-6552)

admin 2024-08-10 12:16:01 Ali_nvd 来源:ZONE.CI 全球网 0 阅读模式
预约和活动日历 - Amelia <= 1.2 - 未经验证的完整路径披露 (CVE-2024-6552)

CVE编号

CVE-2024-6552

利用情况

暂无

补丁情况

N/A

披露时间

2024-08-08
漏洞描述
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2. This is due to the plugin utilizing Symfony and leaving display_errors on within test files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接
https://plugins.trac.wordpress.org/browser/ameliabooking/trunk/vendor/symfony...
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&...
https://www.wordfence.com/threat-intel/vulnerabilities/id/c9aa2a44-5a71-4a10-...
CVSS3评分 5.3
  • 攻击路径 网络
  • 攻击复杂度 低
  • 权限要求 无
  • 影响范围 未更改
  • 用户交互 无
  • 可用性 无
  • 保密性 低
  • 完整性 无
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-ID 漏洞类型
- avd.aliyun.com
weinxin
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论:0   参与:  0