CVE-2024-10708

Published Dec 10, 2024

Last updated 3 months ago

CVSS medium 4.9

Overview

Description
The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server
Source
contact@wpscan.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.9
Impact score
3.6
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

Social media

Hype score
Not currently trending

  1. CVE-2024-10708 Path Traversal Exploit in System Dashboard WordPress Plugin The System Dashboard WordPress plugin, in versions before 2.8.15, has a flaw. It does not check user input used in a path. This could let... https://t.co/cDUUsqQj49

    @VulmonFeeds

    10 Dec 2024

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References