CVE-2019-25215 Vulnerability Details

  /     /     /  

CVE-2019-25215 Metadata Quick Info

CVE Published: 16/10/2024 | CVE Updated: 16/10/2024 | CVE Year: 2019
Source: Wordfence | Vendor: arisoft | Product: ARI Adminer – WordPress Database Manager
Status : PUBLISHED

---

CVE-2019-25215 Description

The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. This makes it possible for unauthenticated attackers to call the files directly and perform a wide variety of unauthorized actions such as accessing a site\'s database and making changes.

Metrics

CVSS Version: 3.1 | Base Score: 7.3 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-862
CWE Name: CWE-862 Missing Authorization
Source: arisoft

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).