Search criteria
2 vulnerabilities found for Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More by vasyltech
CVE-2019-25213 (GCVE-0-2019-25213)
Vulnerability from cvelistv5 – Published: 2024-10-16 06:43 – Updated: 2024-10-16 18:05
VLAI?
Title
Advanced Access Manager <= 5.9.8.1 - Unauthenticated Arbitrary File Read
Summary
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive files such as wp-config.php
Severity ?
9.8 (Critical)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| vasyltech | Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More |
Affected:
* , < 5.9.9
(semver)
|
Credits
Ov3rfly
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:advanced_access_manager_project:advanced_access_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "advanced_access_manager",
"vendor": "advanced_access_manager_project",
"versions": [
{
"lessThan": "5.9.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25213",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T15:35:07.214423Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T18:05:50.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Advanced Access Manager \u2013 Restricted Content, Users \u0026 Roles, Enhanced Security and More",
"vendor": "vasyltech",
"versions": [
{
"lessThan": "5.9.9",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ov3rfly"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive files such as wp-config.php"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T06:43:32.214Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/55e0f0df-7be2-4e18-988c-2cc558768eff?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2098838/advanced-access-manager/trunk/application/Core/Media.php?old=2151316\u0026old_path=advanced-access-manager%2Ftrunk%2Fapplication%2FCore%2FMedia.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2019-09-09T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Advanced Access Manager \u003c= 5.9.8.1 - Unauthenticated Arbitrary File Read"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2019-25213",
"datePublished": "2024-10-16T06:43:32.214Z",
"dateReserved": "2024-10-15T17:42:48.469Z",
"dateUpdated": "2024-10-16T18:05:50.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-25213 (GCVE-0-2019-25213)
Vulnerability from nvd – Published: 2024-10-16 06:43 – Updated: 2024-10-16 18:05
VLAI?
Title
Advanced Access Manager <= 5.9.8.1 - Unauthenticated Arbitrary File Read
Summary
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive files such as wp-config.php
Severity ?
9.8 (Critical)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| vasyltech | Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More |
Affected:
* , < 5.9.9
(semver)
|
Credits
Ov3rfly
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:advanced_access_manager_project:advanced_access_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "advanced_access_manager",
"vendor": "advanced_access_manager_project",
"versions": [
{
"lessThan": "5.9.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25213",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T15:35:07.214423Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T18:05:50.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Advanced Access Manager \u2013 Restricted Content, Users \u0026 Roles, Enhanced Security and More",
"vendor": "vasyltech",
"versions": [
{
"lessThan": "5.9.9",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ov3rfly"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive files such as wp-config.php"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T06:43:32.214Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/55e0f0df-7be2-4e18-988c-2cc558768eff?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2098838/advanced-access-manager/trunk/application/Core/Media.php?old=2151316\u0026old_path=advanced-access-manager%2Ftrunk%2Fapplication%2FCore%2FMedia.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2019-09-09T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Advanced Access Manager \u003c= 5.9.8.1 - Unauthenticated Arbitrary File Read"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2019-25213",
"datePublished": "2024-10-16T06:43:32.214Z",
"dateReserved": "2024-10-15T17:42:48.469Z",
"dateUpdated": "2024-10-16T18:05:50.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}