Path Traversal Vulnerability Affects SSV MailChimp
CVE-2024-49285
7.5 HIGH
Summary
A path traversal vulnerability in Moridrin's SSV MailChimp plugin stems from improper limitation of file path names and allows PHP Local File Inclusion. An attacker can use it to gain unauthorized access to sensitive files, potentially compromising affected installations. SSV MailChimp versions up to and including 3.1.5 are affected; site administrators should assess their security measures and update to a secure version.
Affected Version(s)
SSV MailChimp <= 3.1.5
References
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
tahu.datar (Patchstack Alliance)