CVE-2022-2222— WordPress plugin Download Monitor 安全漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2022-2222の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Download Monitor < 4.5.91 - Admin+ Arbitrary File Download
ソース: NVD (National Vulnerability Database)
脆弱性説明
The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
对外部实体的文件或目录可访问
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
WordPress plugin Download Monitor 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Download Monitor 4.5.91之前的版本存在安全漏洞,该漏洞源于该插件不确保要下载的文件在博客文件夹内,并且不敏感,即使在强化环境或多站点设置中,管理员等高权限用户也可以下载 wp-config.php 或 /
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| Unknown | Download Monitor | 4.5.91 ~ 4.5.91 | - |
II. CVE-2022-2222の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2022-2222のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · Unknown · 2022-07-17 · 21 CVEs total
| CVE-2022-2144 | Jquery Validation For Contact Form 7 < 5.3 - Arbitrary Options Update via CSRF | |
| CVE-2021-24655 | WP User Manager < 2.6.3 - Arbitrary User Password Reset to Account Compromise | |
| CVE-2022-1672 | Insights from Google PageSpeed < 4.0.7 - Multiple CSRF | |
| CVE-2022-1933 | CDI < 5.1.9 - Reflected Cross-Site-Scripting | |
| CVE-2022-2090 | Woo Discount Rules < 2.4.2 - Reflected Cross-Site Scripting | |
| CVE-2022-2099 | WooCommerce < 6.6.0 - Admin+ Stored HTML Injection | |
| CVE-2022-2100 | Page Generator Plugin < 1.6.5 - Admin+ Stored Cross-Site Scripting | |
| CVE-2022-2114 | Data Tables Generator by Supsystic < 1.10.20 - Admin+ Stored Cross-Site Scripting | |
| CVE-2022-2118 | 404s < 3.5.1 - Admin+ Stored Cross-Site Scripting | |
| CVE-2022-2133 | OAuth Single Sign On < 6.22.6 - Authentication Bypass | |
| CVE-2022-2194 | Accept Stripe Payments < 2.0.64 - Admin+ Stored Cross-Site Scripting | |
| CVE-2022-2146 | Import CSV Files <= 1.0 - Reflected Cross-Site Scripting | |
| CVE-2022-2148 | LinkedIn Company Updates <= 1.5.3 - Admin+ Stored Cross-Site Scripting | |
| CVE-2022-2149 | Very Simple Breadcrumb <= 1.0 - Admin+ Stored Cross-Site Scripting | |
| CVE-2022-2151 | Best Contact Management Software <= 3.7.3 - Admin+ Stored Cross-Site Scripting | |
| CVE-2022-2168 | Download Manager < 3.2.44 - Reflected Cross-Site Scripting | |
| CVE-2022-2169 | Loading Page with Loading Screen < 1.0.83 - Admin+ Stored Cross-Site Scripting | |
| CVE-2022-2173 | Advanced Database Cleaner < 3.1.1 - Reflected Cross-Site Scripting | |
| CVE-2022-2186 | Simple Post Notes < 1.7.6 - Admin+ Stored Cross-Site Scripting | |
| CVE-2022-2187 | Contact Form 7 Captcha < 0.1.2 - Reflected Cross-Site Scripting |
IV. 関連脆弱性
同じ製品: Download Monitor
- CVE-2026-39486
WordPress Download Monitor plugin <= 5.1.8 - SQL Injection v - CVE-2026-4401
Download Monitor <= 5.1.10 - Cross-Site Request Forgery to D - CVE-2026-3124
Download Monitor <= 5.1.7 - Insecure Direct Object Reference - CVE-2025-47439
WordPress Download Monitor plugin <= 5.0.22 - Local File Inc - CVE-2024-10399
Download Monitor <= 5.0.13 - Missing Authorization to Sensit
同じベンダー: Unknown
- CVE-2026-6433
Custom CSS JS PHP <= 2.0.7 - Unauthenticated SQL Injection t - CVE-2026-4935
SureTriggers < 1.1.23 – Unauthenticated SQLi - CVE-2026-5335
Magic Export & Import < 1.2.0 - Unauthenticated PII Disclosu - CVE-2026-5337
Frontend File Manager Plugin <= 23.6 - Subscriber+ Arbitrary - CVE-2026-5306
Check & Log Email < 2.0.13 - Unauthenticated Stored XSS
同じ弱点: CWE-552
- CVE-2025-7389
Unauthorized Arbitrary File Read via RMI in AdminServer Inte - CVE-2019-25709
CF Image Hosting Script 1.6.5 Unauthorized Database Access - CVE-2026-33698
Chamilo LMS affected by unauthenticated RCE in main/install - CVE-2021-47960
Synology SSL VPN Client 安全漏洞 - CVE-2026-35446
LORIS has a path traversal in FilesDownloadHandler
V. CVE-2022-2222へのコメント
まだコメントはありません