All the vulnerabilites related to Unknown - Download Monitor
cve-2022-2222
Vulnerability from cvelistv5
Published
2022-07-17 10:37
Modified
2024-08-03 00:32
Severity ?
EPSS score ?
Summary
Download Monitor < 4.5.91 - Admin+ Arbitrary File Download
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/dd48624a-1781-419c-a3c4-1e3eaf5e2c1b | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Unknown | Download Monitor |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:08.748Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/dd48624a-1781-419c-a3c4-1e3eaf5e2c1b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Download Monitor",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.5.91",
"status": "affected",
"version": "4.5.91",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thiago Martins"
},
{
"lang": "en",
"value": "Jorge Buzeti"
},
{
"lang": "en",
"value": "Leandro Inacio"
},
{
"lang": "en",
"value": "Lucas de Souza"
},
{
"lang": "en",
"value": "Matheus Oliveira"
},
{
"lang": "en",
"value": "Filipe Baptistella"
},
{
"lang": "en",
"value": "Leonardo Paiva"
},
{
"lang": "en",
"value": "Jose Thomaz"
},
{
"lang": "en",
"value": "Joao Maciel"
},
{
"lang": "en",
"value": "Vinicius Pereira"
},
{
"lang": "en",
"value": "Geovanni Campos"
},
{
"lang": "en",
"value": "Hudson Nowak"
},
{
"lang": "en",
"value": "Guilherme Acerbi"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-17T10:37:28",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/dd48624a-1781-419c-a3c4-1e3eaf5e2c1b"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Download Monitor \u003c 4.5.91 - Admin+ Arbitrary File Download",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2222",
"STATE": "PUBLIC",
"TITLE": "Download Monitor \u003c 4.5.91 - Admin+ Arbitrary File Download"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Download Monitor",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.5.91",
"version_value": "4.5.91"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thiago Martins"
},
{
"lang": "eng",
"value": "Jorge Buzeti"
},
{
"lang": "eng",
"value": "Leandro Inacio"
},
{
"lang": "eng",
"value": "Lucas de Souza"
},
{
"lang": "eng",
"value": "Matheus Oliveira"
},
{
"lang": "eng",
"value": "Filipe Baptistella"
},
{
"lang": "eng",
"value": "Leonardo Paiva"
},
{
"lang": "eng",
"value": "Jose Thomaz"
},
{
"lang": "eng",
"value": "Joao Maciel"
},
{
"lang": "eng",
"value": "Vinicius Pereira"
},
{
"lang": "eng",
"value": "Geovanni Campos"
},
{
"lang": "eng",
"value": "Hudson Nowak"
},
{
"lang": "eng",
"value": "Guilherme Acerbi"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-552 Files or Directories Accessible to External Parties"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/dd48624a-1781-419c-a3c4-1e3eaf5e2c1b",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/dd48624a-1781-419c-a3c4-1e3eaf5e2c1b"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2222",
"datePublished": "2022-07-17T10:37:28",
"dateReserved": "2022-06-27T00:00:00",
"dateUpdated": "2024-08-03T00:32:08.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2981
Vulnerability from cvelistv5
Published
2022-10-10 00:00
Modified
2024-08-03 00:52
Severity ?
EPSS score ?
Summary
Download Monitor < 4.5.98 - Admin+ Arbitrary File Download
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Unknown | Download Monitor |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/30ce32ce-161c-4388-8d22-751350b7b305"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Download Monitor",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.5.98",
"status": "affected",
"version": "4.5.98",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Raad Haddad of Cloudyrion GmbH"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-10T00:00:00",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"url": "https://wpscan.com/vulnerability/30ce32ce-161c-4388-8d22-751350b7b305"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Download Monitor \u003c 4.5.98 - Admin+ Arbitrary File Download",
"x_generator": "WPScan CVE Generator"
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2981",
"datePublished": "2022-10-10T00:00:00",
"dateReserved": "2022-08-24T00:00:00",
"dateUpdated": "2024-08-03T00:52:59.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-24786
Vulnerability from cvelistv5
Published
2022-01-03 12:49
Modified
2024-08-03 19:42
Severity ?
EPSS score ?
Summary
Download Monitor < 4.4.5 - Admin+ SQL Injection
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/a6571f16-66d2-449e-af83-1c6ddd56edfa | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Unknown | Download Monitor |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:17.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/a6571f16-66d2-449e-af83-1c6ddd56edfa"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Download Monitor",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.4.5",
"status": "affected",
"version": "4.4.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "bl4derunner"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the \"orderby\" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-03T12:49:03",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/a6571f16-66d2-449e-af83-1c6ddd56edfa"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Download Monitor \u003c 4.4.5 - Admin+ SQL Injection",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24786",
"STATE": "PUBLIC",
"TITLE": "Download Monitor \u003c 4.4.5 - Admin+ SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Download Monitor",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.4.5",
"version_value": "4.4.5"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "bl4derunner"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the \"orderby\" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/a6571f16-66d2-449e-af83-1c6ddd56edfa",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/a6571f16-66d2-449e-af83-1c6ddd56edfa"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24786",
"datePublished": "2022-01-03T12:49:03",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:42:17.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}