Local File Inclusion vulnerability in pretix Widget... · CVE-2024-9575 · GitHub Advisory Database · GitHub

Local File Inclusion vulnerability in pretix Widget...

High severity Unreviewed Published Oct 9, 2024 to the GitHub Advisory Database • Updated Oct 14, 2024

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Local File Inclusion vulnerability in pretix Widget WordPress plugin pretix-widget on Windows allows PHP Local File Inclusion. This issue affects pretix Widget WordPress plugin: from 1.0.0 through 1.0.5.

References

Published by the National Vulnerability Database

Oct 9, 2024

Published to the GitHub Advisory Database Oct 9, 2024

Last updated Oct 14, 2024

Severity

High

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Network

Attack Complexity Low

Attack Requirements None

Privileges Required High

User interaction Passive

Vulnerable System Impact Metrics

Confidentiality High

Integrity High

Availability High

Subsequent System Impact Metrics

Confidentiality Low

Integrity Low

Availability Low

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:L/U:X