CVE-2022-2945

LOW Year: 2022
CVSS v3 Score
2.7
Low
Weakness Type
CWE-22
View all →

Vulnerability Description

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.5.3 via the 'type' parameter found in the alm_get_layout() function. This makes it possible for authenticated attackers, with administrative permissions, to read the contents of arbitrary files on the server, which can contain sensitive information.

Related Vulnerabilities

CVE-2016-1212

LOW
CVSS:2.7(Low)

Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors.

CWE-222016

CVE-2016-3972

LOW
CVSS:2.7(Low)

Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter.

CWE-222016

CVE-2018-16237

LOW
CVSS:2.7(Low)

An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI.

CWE-222018

CVE-2019-9889

LOW
CVSS:2.7(Low)

In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with...

CWE-222019

CVE-2020-10457

LOW
CVSS:2.7(Low)

Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence (../) via the POST ...

CWE-222020

CVE-2020-10459

LOW
CVSS:2.7(Low)

Path Traversal in admin/assetmanager/assetmanager.php (vulnerable function saved in admin/assetmanager/functions.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to list the files that ...

CWE-222020