PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Arbitrary File Download (CVE-2024-9935)
收藏pentest-tools.com2025-03-26 收录
下载链接:
https://pentest-tools.com/vulnerabilities-exploits/undefined
下载链接
链接失效反馈官方服务:
资源简介:
The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Elementor 页面构建插件用于 WordPress 的 PDF 生成器插件在所有版本中均存在路径遍历漏洞,包括但不限于 1.7.5 版本,该漏洞通过 rtw_pgaepb_dwnld_pdf() 函数暴露。这使得未经身份验证的攻击者能够读取服务器上任意文件的內容,这些文件可能包含敏感信息。
提供机构:
pentest-tools.com
