CVE-2024-35629

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads – Recent Purchases allows PHP Remote File Inclusion.This issue affects Easy Digital Downloads – Recent Purchases: from n/a through 1.0.2.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wow-company:easy_digital_downloads:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 09:20

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 9.6
References () https://patchstack.com/database/vulnerability/edd-recent-purchases/wordpress-easy-digital-downloads-recent-purchases-plugin-1-0-2-remote-file-inclusion-vulnerability?_s_id=cve - Third Party Advisory () https://patchstack.com/database/vulnerability/edd-recent-purchases/wordpress-easy-digital-downloads-recent-purchases-plugin-1-0-2-remote-file-inclusion-vulnerability?_s_id=cve - Third Party Advisory

10 Jun 2024, 21:06

Type Values Removed Values Added
First Time Wow-company easy Digital Downloads
Wow-company
Summary
  • (es) Control inadecuado del nombre de archivo para la declaración Incluir/Requerir en el programa PHP ('Inclusión remota de archivos PHP') vulnerabilidad en Wow-Company Easy Digital Downloads – Recent Purchases permite la inclusión remota de archivos PHP. Este problema afecta a Easy Digital Downloads – Recent Purchases: desde n/ a hasta 1.0.2.
CVSS v2 : unknown
v3 : 9.6
v2 : unknown
v3 : 9.8
References () https://patchstack.com/database/vulnerability/edd-recent-purchases/wordpress-easy-digital-downloads-recent-purchases-plugin-1-0-2-remote-file-inclusion-vulnerability?_s_id=cve - () https://patchstack.com/database/vulnerability/edd-recent-purchases/wordpress-easy-digital-downloads-recent-purchases-plugin-1-0-2-remote-file-inclusion-vulnerability?_s_id=cve - Third Party Advisory
CPE cpe:2.3:a:wow-company:easy_digital_downloads:*:*:*:*:*:wordpress:*:*
CWE CWE-829

04 Jun 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-04 14:15

Updated : 2024-11-21 09:20


NVD link : CVE-2024-35629

Mitre link : CVE-2024-35629

CVE.ORG link : CVE-2024-35629


JSON object : View

Products Affected

wow-company

  • easy_digital_downloads
CWE
CWE-98

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CWE-829

Inclusion of Functionality from Untrusted Control Sphere