Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-12832 — Path Traversal in Simple-file-list

CWE-22 — Path Traversal5 documents5 sources

Severity

9.8CRITICALNVD

EPSS

76.3%

top 1.07%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Simplefilelist Simple-file-list

Timeline

PublishedMay 13

Latest updateMay 24

Description

WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDsimplefilelist/simple-file-list< 4.2.8

Patches

Patch: plugins.trac.wordpress.org ↗Patch: plugins.trac.wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-h2cg-59q7-cp5x: The simple-file-list plugin before 4↗2022-05-24

▶

CVEList

CVE-2020-12832: WordPress Plugin Simple File List before 4↗2020-05-13

▶

VulnCheck

simplefilelist simple-file-list Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')↗2020

▶

💥Exploits & PoCs

Nuclei

WordPress Simple File List - Path Traversal

▶