CVE-2023-4216

LOW Year: 2023
CVSS v3 Score
2.7
Low
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however limited to the first line of the file.

Related Vulnerabilities

CVE-2016-2868

LOW
CVSS:2.7(Low)

IBM Security QRadar SIEM 7.2.x before 7.2.7 allows remote authenticated administrators to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity refe...

NVD-CWE-Other2016

CVE-2016-5462

LOW
CVSS:2.7(Low)

Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote administrators to affect confidentiality via vecto...

NVD-CWE-Other2016

CVE-2016-9338

LOW
CVSS:2.7(Low)

An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and ...

NVD-CWE-Other2016

CVE-2017-10254

LOW
CVSS:2.7(Low)

Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulnera...

NVD-CWE-Other2017

CVE-2017-10426

LOW
CVSS:2.7(Low)

Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulnera...

NVD-CWE-Other2017

CVE-2017-9843

LOW
CVSS:2.7(Low)

SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841.

NVD-CWE-Other2017