CVE-2024-5882

The Ultimate Classified Listings WordPress plugin before 1.3 does not validate the `ucl_page` and `layout` parameters allowing unauthenticated users to access PHP files on the server from the listings page

CVSS

No CVSS.

References

Link	Resource
https://wpscan.com/vulnerability/5e8d7808-8f3e-4fc9-a1e7-e108da031ca7/

Configurations

No configuration.

History

29 Jul 2024, 14:12

Type	Values Removed	Values Added
Summary		(es) El complemento de WordPress Ultimate Classified Listings anterior a 1.3 no valida los parámetros `ucl_page` y `layout`, lo que permite a usuarios no autenticados acceder a archivos PHP en el servidor desde la página de listados.

29 Jul 2024, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-29 06:15

Updated : 2024-07-29 14:12

NVD link : CVE-2024-5882

Mitre link : CVE-2024-5882

CVE.ORG link : CVE-2024-5882

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2024-5882

Attach tags to `CVE-2024-5882`