What the vulnerability does
Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Chill Filr filr-protection allows Path Traversal. This issue affects Filr: from n/a through <= 1.2.10.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Explanation of Vulnerability in Simple Terms
Filr versions up to 1.2.10 contain a path traversal vulnerability that allows authenticated users to cause a denial of service by accessing files outside the intended directory. An attacker with low-level credentials can trigger this flaw without user interaction. The vulnerability affects the availability of the application across multiple components due to its changed scope.
What an attacker can do
An authenticated user can access files outside the intended directory and cause the application to become unavailable.
Potential impact on your site
Users may experience service disruptions or unavailability if an authenticated attacker exploits this path traversal flaw.
Conditions required to exploit
The attacker must have a valid user account with low-level privileges; no user interaction is required.