Key Vulnerability Information

Vulnerability Overview
Vulnerability name: Error Log Viewer by BestWebSoft <= 1.1.6 - Authenticated (Administrator+) Arbitrary File Read
CVE ID: CVE-2015-9950
CVSS score: 4.9 (Medium)
Publicly published: October 10, 2015
Last updated: October 11, 2015
Researcher: Duc Manh

Affected Versions
Affected versions: <= 1.1.6

Description
Issue: The Error Log Viewer by BestWebSoft plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.6 via the function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

Remediation Status
Patched: No
Remediation advice: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.