CVE-2025-2048

MEDIUM Year: 2025
CVSS v3 Score
4.1
Medium
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server

Related Vulnerabilities

CVE-2016-0668

MEDIUM
CVSS:4.1(Medium)

Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors re...

NVD-CWE-Other2016

CVE-2016-5463

MEDIUM
CVSS:4.1(Medium)

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect integrity via vectors related t...

NVD-CWE-Other2016

CVE-2016-5464

MEDIUM
CVSS:4.1(Medium)

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect integrity via vectors related t...

NVD-CWE-Other2016

CVE-2016-5559

MEDIUM
CVSS:4.1(Medium)

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect integrity via vectors related to Kernel.

NVD-CWE-Other2016

CVE-2017-10268

MEDIUM
CVSS:4.1(Medium)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier....

NVD-CWE-Other2017

CVE-2018-2773

MEDIUM
CVSS:4.1(Medium)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult...

NVD-CWE-Other2018