CVEs-PoC/2022/CVE-2022-0828.md at 6cd0d0806c9bf647d01eb3deca931ca47bebcbc7

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-06-03 04:38:03 +02:00

Files

T

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

The Download Manager WordPress plugin before 3.2.34 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download.

POC

Reference

https://wpscan.com/vulnerability/7f0742ad-6fd7-4258-9e44-d42e138789bb

Github

https://github.com/20142995/nuclei-templates
https://github.com/ARPSyndicate/cvemon

956 B Raw Blame History

CVE-2022-0828

Description

POC

Reference

Github

956 B

Raw Blame History