CVE-2022-2926

CWE-22Path Traversal3 documents3 sources
Severity
4.9MEDIUM
EPSS
2.7%
top 14.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Download ManagerAdobe Download Manager
Timeline
PublishedSep 26
Latest updateSep 27

Description

The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5unknown/download_manager3.2.553.2.55

🔴Vulnerability Details

2
GHSA
GHSA-pr99-9g59-4vj9: The Download Manager WordPress plugin before 32022-09-27
CVEList
Download Manager < 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal2022-09-26
CVE-2022-2926 (MEDIUM CVSS 4.9) | The Download Manager WordPress plug | cvebase.io