Vulnerabilities > CVE-2021-39316 - Files or Directories Accessible to External Parties vulnerability in Digitalzoomstudio Zoomsounds

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

digitalzoomstudio

CWE-552

NVD

Published: 2021-08-31

Updated: 2021-12-14

Summary

The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.

Vulnerable Configurations

Part	Description	Count
Application	Digitalzoomstudio Digitalzoomstudio Zoomsounds - Digitalzoomstudio Zoomsounds 1.10 Digitalzoomstudio Zoomsounds 1.20 Digitalzoomstudio Zoomsounds 1.30 Digitalzoomstudio Zoomsounds 1.40 Digitalzoomstudio Zoomsounds 1.41 Digitalzoomstudio Zoomsounds 1.43 Digitalzoomstudio Zoomsounds 1.45 Digitalzoomstudio Zoomsounds 1.50 Digitalzoomstudio Zoomsounds 1.51 Digitalzoomstudio Zoomsounds 1.60 Digitalzoomstudio Zoomsounds 1.61 Digitalzoomstudio Zoomsounds 1.62 Digitalzoomstudio Zoomsounds 1.63 Digitalzoomstudio Zoomsounds 1.70 Digitalzoomstudio Zoomsounds 2.00 Digitalzoomstudio Zoomsounds 2.02 Digitalzoomstudio Zoomsounds 2.10 Digitalzoomstudio Zoomsounds 2.20 Digitalzoomstudio Zoomsounds 2.30 Digitalzoomstudio Zoomsounds 2.42 Digitalzoomstudio Zoomsounds 2.43 Digitalzoomstudio Zoomsounds 2.44 Digitalzoomstudio Zoomsounds 2.45 Digitalzoomstudio Zoomsounds 2.46 Digitalzoomstudio Zoomsounds 2.51 Digitalzoomstudio Zoomsounds 2.60 Digitalzoomstudio Zoomsounds 2.61 Digitalzoomstudio Zoomsounds 2.62 Digitalzoomstudio Zoomsounds 2.63 Digitalzoomstudio Zoomsounds 2.64 Digitalzoomstudio Zoomsounds 2.70 Digitalzoomstudio Zoomsounds 2.72 Digitalzoomstudio Zoomsounds 2.75 Digitalzoomstudio Zoomsounds 3.00 Digitalzoomstudio Zoomsounds 3.01 Digitalzoomstudio Zoomsounds 3.03 Digitalzoomstudio Zoomsounds 3.04 Digitalzoomstudio Zoomsounds 3.10 Digitalzoomstudio Zoomsounds 3.12 Digitalzoomstudio Zoomsounds 3.21 Digitalzoomstudio Zoomsounds 3.23 Digitalzoomstudio Zoomsounds 3.24 Digitalzoomstudio Zoomsounds 3.30 Digitalzoomstudio Zoomsounds 3.31 Digitalzoomstudio Zoomsounds 3.32 Digitalzoomstudio Zoomsounds 3.33 Digitalzoomstudio Zoomsounds 3.40 Digitalzoomstudio Zoomsounds 4.00 Digitalzoomstudio Zoomsounds 4.10 Digitalzoomstudio Zoomsounds 4.15 Digitalzoomstudio Zoomsounds 4.20 Digitalzoomstudio Zoomsounds 4.32 Digitalzoomstudio Zoomsounds 4.47 Digitalzoomstudio Zoomsounds 4.51 Digitalzoomstudio Zoomsounds 4.63 Digitalzoomstudio Zoomsounds 5.00 Digitalzoomstudio Zoomsounds 5.03 Digitalzoomstudio Zoomsounds 5.04 Digitalzoomstudio Zoomsounds 5.12 Digitalzoomstudio Zoomsounds 5.18 Digitalzoomstudio Zoomsounds 5.30 Digitalzoomstudio Zoomsounds 5.31 Digitalzoomstudio Zoomsounds 5.48 Digitalzoomstudio Zoomsounds 5.60 Digitalzoomstudio Zoomsounds 5.70 Digitalzoomstudio Zoomsounds 5.82 Digitalzoomstudio Zoomsounds 5.84 Digitalzoomstudio Zoomsounds 5.91 Digitalzoomstudio Zoomsounds 5.93 Digitalzoomstudio Zoomsounds 5.95 Digitalzoomstudio Zoomsounds 5.96 Digitalzoomstudio Zoomsounds 6.00 Digitalzoomstudio Zoomsounds 6.10 Digitalzoomstudio Zoomsounds 6.21 Digitalzoomstudio Zoomsounds 6.34 Digitalzoomstudio Zoomsounds 6.45	77

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References