CVE-2019-1000031 Information

Description

A disk space or quota exhaustion issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24 0.25 0.26 0.27. Visiting PDF generation link but not following the redirect will leave behind a PDF file on disk which will never be deleted by the plug-in.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

http://packetstormsecurity.com/files/152236/WordPress-article2pdf-0.24-DoS-File-Deletion-Disclosure.html https://seclists.org/bugtraq/2019/Mar/49 https://wpvulndb.com/vulnerabilities/9246

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5