Themes Vulnerabilities

CAS <= 1.0.0 - Unauthenticated Arbitrary File Access

Description

This plugin does not validate a path generated with user input when downloading files, allowing unauthenticated user to download arbitrary files from the server

Proof of Concept

https://example.com/wp-content/themes/cas/download.php?path=<<FILE_TO_DOWNLOAD>>

Affects Themes

cas
No known fix

References

CVE
CVE-2024-4388

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Original Researcher
Aly Khaled Aly Abd Al-aal
Submitter
Aly Khaled Aly Abd Al-aal
Submitter website
https://0x41ly.github.io/
Submitter twitter
Aly_Khal3d
Verified
Yes
WPVDB ID
5c791747-f60a-40a7-94fd-e4b9bb5ea2b0

Timeline

Publicly Published
2024-05-02 (about 1 months ago)
Added
2024-05-02 (about 1 months ago)
Last Updated
2024-05-02 (about 1 months ago)

Other

Published
Title
Published
2015-07-10
Title
CP Image Store with Slideshow <= 1.0.5 - Arbitrary File Download
Published
2015-09-15
Title
MyPixs <= 0.3 - Unauthenticated Local File Inclusion (LFI)
Published
2024-06-03
Title
Checkout Field Editor for WooCommerce (Pro) < 3.6.3 - Unauthenticated Arbitrary File Deletion
Published
2014-08-01
Title
Vitamin 1.0 - minify.php path Parameter Traversal Arbitrary File Access
Published
2015-06-10
Title
History Collection <= 1.1.1 - Arbitraty File Download