Published: 19/04/2022 Updated: 27/04/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls which makes it possible unauthenticated malicious users to supply a path to a file that will subsequently be downloaded, in versions up to and including 3.2.7.

Vulnerable Product	Search on Vulmon	Subscribe to Product
simplefilelist simple-file-list

Normal-POC 【免责声明】本仓库所涉及的技术、思路和工具仅供安全技术研究，任何人不得将其用于非授权渗透测试，不得将其用于非法用途和盈利，否则后果自行承担。 0x01 项目导航 CMS漏洞 AspCMS commentListasp SQL注入漏洞 BSPHP indexphp 未授权访问信息泄露漏洞 CmsEasy crossall_actphp SQL注入漏

PoC in GitHub 2022 CVE-2022-0185 (2022-02-11) A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a f

CWE-22 https://wpscan.com/vulnerability/075a3cc5-1970-4b64-a16f-3ec97e22b606 https://plugins.trac.wordpress.org/browser/simple-file-list/trunk/includes/ee-downloader.php?rev=2071880 https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1119 https://docs.google.com/document/d/1qIZXTzEpI4tO6832vk1KfsSAroT0FY2l--THlhJ8z3c/edit https://nvd.nist.gov https://github.com/Miraitowa70/POC-Notes

CVE-2022-1119

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect