GSD-2022-2222

Vulnerability from gsd - Updated: 2023-12-13 01:19
Details
The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup.
Aliases
Aliases
CVE-2022-2222
To clipboard 

{
  "GSD": {
    "alias": "CVE-2022-2222",
    "description": "The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup.",
    "id": "GSD-2022-2222"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-2222"
      ],
      "details": "The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup.",
      "id": "GSD-2022-2222",
      "modified": "2023-12-13T01:19:19.775856Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "contact@wpscan.com",
        "ID": "CVE-2022-2222",
        "STATE": "PUBLIC",
        "TITLE": "Download Monitor \u003c 4.5.91 - Admin+ Arbitrary File Download"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Download Monitor",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "4.5.91",
                          "version_value": "4.5.91"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Unknown"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Thiago Martins"
        },
        {
          "lang": "eng",
          "value": "Jorge Buzeti"
        },
        {
          "lang": "eng",
          "value": "Leandro Inacio"
        },
        {
          "lang": "eng",
          "value": "Lucas de Souza"
        },
        {
          "lang": "eng",
          "value": "Matheus Oliveira"
        },
        {
          "lang": "eng",
          "value": "Filipe Baptistella"
        },
        {
          "lang": "eng",
          "value": "Leonardo Paiva"
        },
        {
          "lang": "eng",
          "value": "Jose Thomaz"
        },
        {
          "lang": "eng",
          "value": "Joao Maciel"
        },
        {
          "lang": "eng",
          "value": "Vinicius Pereira"
        },
        {
          "lang": "eng",
          "value": "Geovanni Campos"
        },
        {
          "lang": "eng",
          "value": "Hudson Nowak"
        },
        {
          "lang": "eng",
          "value": "Guilherme Acerbi"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup."
          }
        ]
      },
      "generator": "WPScan CVE Generator",
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-552 Files or Directories Accessible to External Parties"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://wpscan.com/vulnerability/dd48624a-1781-419c-a3c4-1e3eaf5e2c1b",
            "refsource": "MISC",
            "url": "https://wpscan.com/vulnerability/dd48624a-1781-419c-a3c4-1e3eaf5e2c1b"
          }
        ]
      },
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:wpchill:download_monitor:*:*:*:*:*:wordpress:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.5.91",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2022-2222"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-552"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/dd48624a-1781-419c-a3c4-1e3eaf5e2c1b",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://wpscan.com/vulnerability/dd48624a-1781-419c-a3c4-1e3eaf5e2c1b"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-07-18T13:51Z",
      "publishedDate": "2022-07-17T11:15Z"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.