Key vulnerability information

Description
Vulnerability type: Admin+ Arbitrary File Download
Affected plugin: EKC Tournament Manager < 2.2.2
Description: The plugin allows logged-in administrators to download system files outside the WordPress directory.

Vulnerability details
CVE ID: CVE-2024-9765
Classification:
- Type: FILE DOWNLOAD
- OWASP Top 10: A1: Injection
- CWE: CWE-552
- CVSS score: 2.7 (Low)

Timeline
Publicly published: 2024-09-10
Added: 2024-11-14
Last updated: 2025-01-10

Other information
Original researcher: Vuln Seeker Cybersecurity Team
Submitter: Vuln Seeker Cybersecurity Team
Submitter website: https://vulnseeker.org
Verified: Yes
WPVDB ID: c86157b0-43f3-4e82-9697-7dd9401b48d6

Related references
- Wholesale Market for WooCommerce < 1.0.8 - Admin+ Arbitrary File Download
- Welcart e-Commerce < 2.8.5 - Unauthenticated Arbitrary File Access
- Downloadable by American Osteopathic Association <= 0.1.0 - Unauthenticated Arbitrary File Download
- Lana Downloads Manager < 1.8.0 - Contributor+ Arbitrary File Download
- wpForo Forum < 2.4.2 - Subscriber+ Arbitrary File Read