CVE-2023-2117

LOW Year: 2023
CVSS v3 Score
2.7
Low
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the get_subdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root.

Related Vulnerabilities

CVE-2016-2868

LOW
CVSS:2.7(Low)

IBM Security QRadar SIEM 7.2.x before 7.2.7 allows remote authenticated administrators to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity refe...

NVD-CWE-Other2016

CVE-2016-5462

LOW
CVSS:2.7(Low)

Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote administrators to affect confidentiality via vecto...

NVD-CWE-Other2016

CVE-2016-9338

LOW
CVSS:2.7(Low)

An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and ...

NVD-CWE-Other2016

CVE-2017-10254

LOW
CVSS:2.7(Low)

Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulnera...

NVD-CWE-Other2017

CVE-2017-10426

LOW
CVSS:2.7(Low)

Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulnera...

NVD-CWE-Other2017

CVE-2017-9843

LOW
CVSS:2.7(Low)

SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841.

NVD-CWE-Other2017