DZS Zoomsounds < 6.50 - Unauthenticated Arbitrary File Download CVE-2021-39316 Scanner

Details
Stay Up To Date
Asset Type

DOMAIN,IP,URL

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

10

DZS Zoomsounds < 6.50 - Unauthenticated Arbitrary File Download CVE-2021-39316 Scanner Detail

There is an unauthenticated arbitrary file download vulnerability in DZS Zoomsounds < 6.50.

The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.

Some Advice for Common Problems

You have to apply related fixes.

Need a Full Assessment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service