Filtered by vendor Amministrazione Aperta Project
Total: 2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-50956 | 2 Amministrazione Aperta Project, Wordpress | 2 Amministrazione Aperta, Wordpress | 2026-05-10 | 6.2 Medium |
| WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the open parameter. Attackers can supply file paths through the open GET parameter in dispatcher.php to include and read sensitive files accessible to the web server. | | | | |
| CVE-2022-1560 | 1 Amministrazione Aperta Project | 1 Amministrazione Aperta | 2024-11-21 | 6.5 Medium |
| The Amministrazione Aperta WordPress plugin before 3.8 does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory mentions that unauthenticated users can exploit this, however the affected file generates a fatal error when accessed directly and the affected code is not reached. The issue can be exploited via the dashboard when logged in as an admin, or by making a logged in admin open a malicious link. | | | | |