1. Home
  2. CVE Database
  3. CVE-2019-1010257
CRITICAL · 9.1

CVE-2019-1010257

An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the P...

Vulnerability Description

An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path leading to any PDF whose path is known and which is readable to the web server can be downloaded. The file will be deleted after download if the web server has permission to do so. For PHP versions before 5.3, any file can be read by null terminating the string left of the file extension.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
Article2Pdf ProjectArticle2Pdf>= 0.24, <= 0.27

Related Weaknesses (CWE)

CWE-22

References

FAQ

What is CVE-2019-1010257?

CVE-2019-1010257 is a vulnerability with a CVSS score of 9.1 (CRITICAL). An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the P...

How severe is CVE-2019-1010257?

CVE-2019-1010257 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-1010257?

Check the references section above for vendor advisories and patch information. Affected products include: Article2Pdf Project Article2Pdf.