{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/file-read/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2026-5478"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["wordpress","plugin","file-read","file-deletion","cve-2026-5478"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe Everest Forms plugin for WordPress, versions 3.4.4 and earlier, contains an arbitrary file read and deletion vulnerability (CVE-2026-5478). This flaw stems from the plugin\u0026rsquo;s improper handling of the \u003ccode\u003eold_files\u003c/code\u003e parameter within form submissions. Specifically, the plugin trusts attacker-controlled data as legitimate server-side upload state and insecurely converts URLs into local filesystem paths without adequate sanitization. This lack of input validation enables unauthenticated attackers to inject path traversal sequences, leading to the disclosure of sensitive files like \u003ccode\u003ewp-config.php\u003c/code\u003e, which contains database credentials and authentication salts. Furthermore, the flawed path resolution is utilized in a post-email cleanup routine, resulting in arbitrary file deletion via the \u003ccode\u003eunlink()\u003c/code\u003e function, potentially causing a denial-of-service condition. 
Successful exploitation requires a form with a file-upload or image-upload field and the \u0026ldquo;store entry information\u0026rdquo; feature disabled.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker crafts a malicious HTTP POST request to a WordPress page containing an Everest Forms form with a file upload field.\u003c/li\u003e\n\u003cli\u003eThe attacker includes the \u003ccode\u003eold_files\u003c/code\u003e parameter in the POST data, injecting a path traversal payload (e.g., \u003ccode\u003e../../../../wp-config.php\u003c/code\u003e) into its value.\u003c/li\u003e\n\u003cli\u003eThe WordPress application processes the form submission, and the Everest Forms plugin extracts the \u003ccode\u003eold_files\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe plugin\u0026rsquo;s flawed logic converts the attacker-supplied URL into a local file system path using regex-based string replacement without canonicalization or directory boundary enforcement.\u003c/li\u003e\n\u003cli\u003eThe plugin attaches the resolved file (e.g., \u003ccode\u003e/var/www/wordpress/../../../../wp-config.php\u003c/code\u003e) to the notification email.\u003c/li\u003e\n\u003cli\u003eAfter sending the notification email, the post-email cleanup routine utilizes the same flawed path resolution to determine the file to delete.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eunlink()\u003c/code\u003e function is called on the resolved path, leading to the deletion of the targeted file (e.g., \u003ccode\u003ewp-config.php\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker gains access to sensitive information (database credentials, salts) or causes a denial of service by deleting critical system files.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5478 allows unauthenticated attackers to read 
arbitrary files on the WordPress server, potentially exposing sensitive information like database credentials and authentication salts stored in \u003ccode\u003ewp-config.php\u003c/code\u003e. This could lead to full site compromise, including data theft, defacement, or further malicious activities. Furthermore, the ability to delete arbitrary files enables attackers to cause a denial-of-service condition by removing critical system or application files. The impact is significant as it affects all versions of the Everest Forms plugin up to and including 3.4.4.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately update the Everest Forms plugin to a version higher than 3.4.4 to patch CVE-2026-5478.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Everest Forms Arbitrary File Read Attempt\u0026rdquo; to identify potential exploitation attempts in web server logs.\u003c/li\u003e\n\u003cli\u003eEnable web server logging to capture HTTP POST requests, which are crucial for detecting path traversal attempts (cs-uri-query, cs-method in webserver logs).\u003c/li\u003e\n\u003cli\u003eMonitor file deletion events on the WordPress server, especially those initiated by the web server user, using a file integrity monitoring (FIM) solution (file_event logs).\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization for all user-supplied data, especially file paths, to prevent path traversal vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-20T20:35:20Z","date_published":"2026-04-20T20:35:20Z","id":"/briefs/2026-08-everest-forms-rfi-rce/","summary":"The Everest Forms plugin for WordPress is vulnerable to arbitrary file read and deletion, allowing unauthenticated attackers to access sensitive data or cause denial of service by manipulating the 'old_files' parameter in versions up to 3.4.4.","title":"Everest Forms Plugin Arbitrary File Read and 
Deletion Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-08-everest-forms-rfi-rce/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-3464"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["wordpress","plugin","file-read","file-deletion","rce"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe WP Customer Area plugin, a popular WordPress plugin, is susceptible to an arbitrary file read and deletion vulnerability. This flaw, identified as CVE-2026-3464, resides within the \u0026lsquo;ajax_attach_file\u0026rsquo; function and stems from inadequate file path validation. All versions of the plugin up to and including 8.3.4 are affected. The vulnerability enables authenticated attackers with minimal privileges (e.g., Subscriber), granted access by an administrator, to read arbitrary files on the server, potentially exposing sensitive data. Attackers can also delete arbitrary files, which, in certain cases (such as deleting \u003ccode\u003ewp-config.php\u003c/code\u003e), can pave the way for remote code execution. 
This vulnerability poses a significant risk to WordPress websites utilizing the WP Customer Area plugin.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains authenticated access to a WordPress site with the WP Customer Area plugin enabled, with privileges granted by an administrator (e.g., as a Subscriber).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u0026lsquo;ajax_attach_file\u0026rsquo; function.\u003c/li\u003e\n\u003cli\u003eThe crafted request includes a manipulated file path, bypassing input validation.\u003c/li\u003e\n\u003cli\u003eThe plugin, failing to properly sanitize the file path, attempts to read or delete the file specified in the malicious request.\u003c/li\u003e\n\u003cli\u003eIf reading, the contents of the targeted file are returned to the attacker in the HTTP response.\u003c/li\u003e\n\u003cli\u003eIf deleting, the targeted file is removed from the server.\u003c/li\u003e\n\u003cli\u003eIf the attacker targets a sensitive file, such as \u003ccode\u003ewp-config.php\u003c/code\u003e, and successfully deletes it, the WordPress installation becomes unstable and potentially allows for re-installation and control by the attacker.\u003c/li\u003e\n\u003cli\u003eThe attacker exploits the instability to achieve remote code execution, potentially installing a web shell or other malicious code.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability (CVE-2026-3464) allows attackers to read sensitive files, potentially including database credentials, API keys, and other confidential information. Moreover, the ability to delete arbitrary files can lead to denial-of-service conditions or, more critically, remote code execution. The number of affected websites is potentially large, given the popularity of the WP Customer Area plugin. 
A successful attack can result in complete compromise of the WordPress website and its underlying server.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the WP Customer Area plugin to a version greater than 8.3.4 to patch CVE-2026-3464.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for requests containing suspicious file paths targeting the \u0026lsquo;ajax_attach_file\u0026rsquo; function (see Sigma rule below).\u003c/li\u003e\n\u003cli\u003eImplement stricter file path validation on the web server to prevent arbitrary file access.\u003c/li\u003e\n\u003cli\u003eApply the provided Sigma rules to your SIEM to detect and alert on malicious attempts to exploit this vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-17T17:17:07Z","date_published":"2026-04-17T17:17:07Z","id":"/briefs/2026-04-wp-customer-area-file-read-delete/","summary":"The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation, allowing authenticated attackers to read sensitive files or delete critical files leading to potential remote code execution.","title":"WP Customer Area Plugin Arbitrary File Read and Deletion Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-wp-customer-area-file-read-delete/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-4659"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["wordpress","file-read","path-traversal","cve-2026-4659"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe Unlimited Elements for Elementor plugin, versions 2.0.6 and earlier, contains an arbitrary file read vulnerability (CVE-2026-4659). 
This vulnerability stems from inadequate sanitization of path traversal sequences within the \u003ccode\u003eURLtoRelative()\u003c/code\u003e and \u003ccode\u003eurlToPath()\u003c/code\u003e functions, particularly when combined with the ability to enable debug output. The \u003ccode\u003eURLtoRelative()\u003c/code\u003e function strips the base URL from the supplied value but does not remove path traversal sequences (\u003ccode\u003e../\u003c/code\u003e) from what remains. Successful exploitation allows authenticated attackers with Author-level permissions or higher to access and read arbitrary local files on the WordPress host. This can include sensitive configuration files like \u003ccode\u003ewp-config.php\u003c/code\u003e, potentially exposing database credentials and other sensitive information.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker authenticates to the WordPress application with Author-level or higher privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies the \u003ccode\u003eRepeater JSON/CSV URL\u003c/code\u003e parameter within the Unlimited Elements widget settings.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious URL containing path traversal sequences (e.g., \u003ccode\u003ehttp://site.com/../../../../etc/passwd\u003c/code\u003e) in the \u003ccode\u003eRepeater JSON/CSV URL\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe crafted URL is passed to the \u003ccode\u003eURLtoRelative()\u003c/code\u003e function, which removes the base URL but fails to sanitize the path traversal sequences.\u003c/li\u003e\n\u003cli\u003eThe resulting path (e.g., \u003ccode\u003e/../../../../etc/passwd\u003c/code\u003e) is concatenated with the base path by the application.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ecleanPath()\u003c/code\u003e function normalizes directory separators, but does not remove traversal components, leaving the path 
vulnerable.\u003c/li\u003e\n\u003cli\u003eThe application resolves the path, leading to access of the targeted file (e.g., \u003ccode\u003e/etc/passwd\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker retrieves the contents of the arbitrary file, such as \u003ccode\u003ewp-config.php\u003c/code\u003e, potentially extracting sensitive information.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows attackers to read arbitrary files on the WordPress host. This can lead to the exposure of sensitive data, including database credentials, API keys, and other configuration settings stored in files like \u003ccode\u003ewp-config.php\u003c/code\u003e. The impact ranges from data leakage to potential full compromise of the WordPress installation and the underlying server, depending on the contents of the accessed files and the attacker\u0026rsquo;s subsequent actions. The number of potentially affected WordPress sites is substantial, given the popularity of the Elementor plugin.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the Unlimited Elements for Elementor plugin to a version greater than 2.0.6 to patch CVE-2026-4659.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for HTTP requests containing path traversal sequences (\u003ccode\u003e../\u003c/code\u003e) in the URI, focusing on requests targeting WordPress plugins; use the provided Sigma rule to facilitate this detection.\u003c/li\u003e\n\u003cli\u003eImplement stricter input validation and sanitization for URL parameters within WordPress plugins, specifically when handling file paths, to prevent path traversal vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-17T07:23:36Z","date_published":"2026-04-17T07:23:36Z","id":"/briefs/2026-04-wordpress-file-read/","summary":"The Unlimited Elements for Elementor 
plugin for WordPress is vulnerable to arbitrary file read due to insufficient path traversal sanitization, allowing authenticated attackers to read sensitive files from the WordPress host.","title":"Unlimited Elements for Elementor WordPress Plugin Arbitrary File Read (CVE-2026-4659)","url":"https://feed.craftedsignal.io/briefs/2026-04-wordpress-file-read/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-4660"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-4660","file-read","go-getter","information-disclosure"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eHashiCorp\u0026rsquo;s go-getter library, a tool for retrieving files or directories from various sources, is susceptible to an arbitrary file read vulnerability (CVE-2026-4660) in versions up to 1.8.5. The vulnerability stems from insufficient validation of URLs during git operations, potentially allowing a malicious actor to craft a URL that, when processed by go-getter, results in the reading of arbitrary files from the system\u0026rsquo;s file system. This could lead to the exposure of sensitive data, configuration files, or credentials. The vulnerability has been patched in go-getter version 1.8.6, and the go-getter/v2 branch is not affected. This vulnerability allows for information disclosure, with a CVSS v3.1 score of 7.5.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a malicious URL designed to exploit the go-getter library\u0026rsquo;s git operation handling.\u003c/li\u003e\n\u003cli\u003eThe attacker delivers the malicious URL to a system running a vulnerable version of go-getter (\u0026lt;= 1.8.5). 
The specific delivery mechanism is not defined in the source material.\u003c/li\u003e\n\u003cli\u003eThe go-getter library processes the URL, attempting to retrieve files as instructed.\u003c/li\u003e\n\u003cli\u003eDue to insufficient URL validation, the go-getter library is tricked into accessing arbitrary files on the system.\u003c/li\u003e\n\u003cli\u003eThe content of the accessed files is read by the go-getter library.\u003c/li\u003e\n\u003cli\u003eThe attacker retrieves the contents of the file through the go-getter library.\u003c/li\u003e\n\u003cli\u003eThe attacker gains access to potentially sensitive information contained within the accessed file.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the disclosed information for further malicious activities, such as privilege escalation or lateral movement.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-4660 allows an attacker to read arbitrary files on the system where the vulnerable go-getter library is running. This can lead to the disclosure of sensitive information, including configuration files, credentials, source code, or other confidential data. The number of potential victims is dependent on the widespread adoption of the go-getter library across various systems and applications. 
The impact is significant as it allows for unauthorized access to sensitive data, potentially leading to further compromise of the affected system and network.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the go-getter library to version 1.8.6 or later to remediate CVE-2026-4660.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on URLs processed by the go-getter library, focusing on git operations to prevent similar vulnerabilities.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious URL patterns that may indicate exploitation attempts targeting CVE-2026-4660. While no specific network IOCs are provided, generic webserver rules may be helpful.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Go-Getter Arbitrary File Read Attempt\u003c/code\u003e to identify potential exploitation attempts based on suspicious process command-line arguments.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-09T14:16:32Z","date_published":"2026-04-09T14:16:32Z","id":"/briefs/2026-04-go-getter-file-read/","summary":"HashiCorp's go-getter library up to v1.8.5 is vulnerable to arbitrary file reads on the file system during certain git operations through a maliciously crafted URL (CVE-2026-4660), potentially allowing attackers to access sensitive information.","title":"HashiCorp go-getter Arbitrary File Read Vulnerability (CVE-2026-4660)","url":"https://feed.craftedsignal.io/briefs/2026-04-go-getter-file-read/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["gotenberg","file-read","vulnerability","chromium"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eGotenberg, a popular Docker-based solution for converting HTML, Markdown, and Office documents to PDF, is susceptible to a critical vulnerability in versions prior to 8.29.0. 
This flaw allows for unauthenticated arbitrary file read due to a bypass in the Chromium deny-list. The vulnerability stems from the application\u0026rsquo;s failure to enforce case-sensitivity when validating URL schemes against the deny-list, implemented to prevent access to sensitive files. An attacker can exploit this by using…\u003c/p\u003e\n","date_modified":"2026-03-30T16:16:57Z","date_published":"2026-03-30T16:16:57Z","id":"/briefs/2026-04-gotenberg-file-read-bypass/","summary":"Gotenberg versions before 8.29.0 are vulnerable to unauthenticated arbitrary file read, where a case-insensitive URL scheme bypasses the Chromium deny-list, allowing attackers to read sensitive files such as /etc/passwd by using mixed-case or uppercase URL schemes like FILE:///etc/passwd, leading to the leakage of sensitive data from the Gotenberg container and bypassing the fix for CVE-2024-21527.","title":"Gotenberg Chromium Deny-List Bypass via Case-Insensitive URL Scheme","url":"https://feed.craftedsignal.io/briefs/2026-04-gotenberg-file-read-bypass/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2022-50992"}],"_cs_exploited":true,"_cs_products":["E-cology 9.5"],"_cs_severities":["critical"],"_cs_tags":["cve-2022-50992","file-read","vulnerability","webserver"],"_cs_type":"threat","_cs_vendors":["Weaver (Fanwei)"],"content_html":"\u003cp\u003eWeaver (Fanwei) E-cology 9.5 versions prior to 10.52 are vulnerable to an arbitrary file read vulnerability (CVE-2022-50992) within the XmlRpcServlet interface. This vulnerability is located at the XML-RPC endpoint and allows unauthenticated remote attackers to read arbitrary files on the system. The attack leverages the \u003ccode\u003eWorkflowService.getAttachment\u003c/code\u003e and \u003ccode\u003eWorkflowService.LoadTemplateProp\u003c/code\u003e methods, which can be accessed without authentication, to supply file paths. 
Successful exploitation enables attackers to retrieve sensitive files, including system configuration files and database credentials, from the compromised server. Exploitation evidence was first observed by the Shadowserver Foundation on 2022-12-14 (UTC), highlighting active exploitation of this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a Weaver E-cology 9.5 instance.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a crafted XML-RPC request to the XmlRpcServlet endpoint.\u003c/li\u003e\n\u003cli\u003eThe request invokes either the \u003ccode\u003eWorkflowService.getAttachment\u003c/code\u003e or \u003ccode\u003eWorkflowService.LoadTemplateProp\u003c/code\u003e method.\u003c/li\u003e\n\u003cli\u003eThe attacker includes a file path to a sensitive file (e.g., \u003ccode\u003e/etc/passwd\u003c/code\u003e, database configuration files) as a parameter in the XML-RPC request.\u003c/li\u003e\n\u003cli\u003eThe vulnerable method processes the request without proper authentication or authorization checks.\u003c/li\u003e\n\u003cli\u003eThe server reads the content of the specified file.\u003c/li\u003e\n\u003cli\u003eThe server returns the file content in the XML-RPC response.\u003c/li\u003e\n\u003cli\u003eThe attacker parses the response to extract the contents of the sensitive file, potentially gaining access to credentials or other sensitive information.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2022-50992 allows unauthenticated attackers to read arbitrary files on the Weaver E-cology server. This can lead to the disclosure of sensitive information, such as system configuration files, database credentials, and other confidential data. The CVSS v3.1 base score is 7.5, indicating a high severity vulnerability. 
This vulnerability can lead to full system compromise if database credentials are leaked.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Weaver E-cology instances to version 10.52 or later to remediate CVE-2022-50992.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Weaver E-cology File Read via XML-RPC\u003c/code\u003e to identify exploitation attempts targeting the vulnerable XML-RPC endpoint.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests to the XmlRpcServlet endpoint, specifically those containing \u003ccode\u003eWorkflowService.getAttachment\u003c/code\u003e or \u003ccode\u003eWorkflowService.LoadTemplateProp\u003c/code\u003e, using the provided Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to limit the blast radius of a potential compromise and restrict access to sensitive internal resources.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-weaver-file-read/","summary":"Unauthenticated remote attackers can exploit an arbitrary file read vulnerability (CVE-2022-50992) in Weaver E-cology 9.5 versions prior to 10.52 via the XML-RPC endpoint to access sensitive files.","title":"Weaver E-cology Arbitrary File Read Vulnerability (CVE-2022-50992)","url":"https://feed.craftedsignal.io/briefs/2024-01-weaver-file-read/"}],"language":"en","title":"CraftedSignal Threat Feed — File-Read","version":"https://jsonfeed.org/version/1.1"}