Amministrazione Aperta
Approved changes feed: RSS · Atom
cpe:2.3:a:amministrazione_aperta_project:amministrazione_aperta:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Amministrazione Aperta Project (f17f64b4-beb5-5a11-b0df-53d1be8be04b) |
|---|---|
| Product | Amministrazione Aperta (161c8e53-2c8a-5c39-b0f4-2541f9f62295) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/wp-plugins/amministrazione-aperta |
purl2cpe | 2026-06-01 10:16:59.305499 |
pkg:github/wpplugins/amministrazione-aperta |
purl2cpe | 2026-06-01 10:16:59.305501 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-1560 |
vulnerable | 2026-06-08 05:39:13.453540 |
Amministrazione Aperta < 3.8 - Admin+ LFI
The Amministrazione Aperta WordPress plugin before 3.8 does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory mentions that unauthenticated users can exploit this, however the affected file generates a fatal error when accessed directly and the affected code is not reached. The issue can be exploited via the dashboard when logged in as an admin, or by making a logged in admin open a malicious link
Published: 2022-05-16T14:31:15.000Z
Updated: 2024-08-03T00:10:03.383Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.