CVE-2024-7848

NVD Published Date: August 22, 2024 at 11:15 AM
NVD Last Modified: August 22, 2024 at 12:48 PM
Vulnerability ID: CVE-2024-7848
Severity: MEDIUM
Severity Score: 4.3
Summary: The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpk_upvf_update_doc' due to missing validation on the 'docid' user-controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to gain access to other users' private files.
Mitigation and Patches: -
Exploits: -
Metasploit Payload: -
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE ID: None
