Unrated severityNVD Advisory· Published Apr 11, 2022· Updated Aug 2, 2024

Download Manager < 3.2.39 - Unauthenticated brute force of files master key

CVE-2022-0828

Description

The Download Manager WordPress plugin before 3.2.34 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download.

Affected products

Unknown/Download Managerv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/7f0742ad-6fd7-4258-9e44-d42e138789bbmitreexploitvdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000