CVE-2024-10672 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	2.7 LOW	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Wordfence	CNA	2.7 LOW				CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 35%

Vendor	Product	Version
themeisle	multiple_page_generator	𝑥 < 4.0.3

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-73 - External Control of File Name or Path
The software allows user input to control or influence paths or file names that are used in filesystem operations.
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

https://plugins.trac.wordpress.org/browser/multiple-pages-generator-by-porthas/tags/3.4.8/controllers/ProjectController.php#L139

https://plugins.trac.wordpress.org/browser/multiple-pages-generator-by-porthas/tags/3.4.8/controllers/ProjectController.php#L147

https://plugins.trac.wordpress.org/changeset/3183330/multiple-pages-generator-by-porthas/tags/4.0.3/controllers/ProjectController.php

https://www.wordfence.com/threat-intel/vulnerabilities/id/8c21de03-4d62-4ecf-a2f1-57e0e416792b?source=cve