Path Traversal Vulnerability Affects SP Blog Designer
CVE-2024-52498

7.5HIGH

Key Information:

Vendor: WordPress
Status: Sp Blog Designer
Vendor: CVE Published:; 28 November 2024

Summary

A vulnerability in SP Blog Designer by Softpulse Infotech allows for path traversal, which can lead to PHP Local File Inclusion attacks. This security flaw permits attackers to exploit the application by manipulating file paths, potentially exposing sensitive files on the server. The vulnerability affects all versions of SP Blog Designer from n/a through 1.0.0. Proper validation and sanitization of user inputs are essential to mitigate the risk of such exploits.

Affected Version(s)

SP Blog Designer <= 1.0.0

References

https://patchstack.com/database/wordpress/plugin/sp-blog-...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 28, 2024
Vulnerability Reserved
Nov 11, 2024

Credit

João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance)