{"id":4360,"date":"2024-07-26T14:15:11","date_gmt":"2024-07-26T14:15:11","guid":{"rendered":"http:\/\/127.0.0.1\/aramex-shipping-woocommerce-1-1-21-revelacion-no-autenticada-de-ruta-completa\/"},"modified":"2024-07-26T14:15:11","modified_gmt":"2024-07-26T14:15:11","slug":"aramex-shipping-woocommerce-1-1-21-revelacion-no-autenticada-de-ruta-completa","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/aramex-shipping-woocommerce-1-1-21-revelacion-no-autenticada-de-ruta-completa\/","title":{"rendered":"Aramex Shipping WooCommerce <= 1.1.21 – Revelaci\u00f3n no autenticada de ruta completa"},"content":{"rendered":"
<\/p>\n
El plugin de env\u00edo de Aramex para WooCommerce en WordPress es vulnerable a la Revelaci\u00f3n de Ruta Completa en todas las versiones hasta, e incluyendo, la 1.1.21. Esto se debe a que el plugin no impide el acceso directo al archivo composer-setup.php que tambi\u00e9n tiene display_errors habilitado. Esto hace posible que los atacantes no autenticados […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2068],"class_list":["post-4360","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-6566"],"yoast_head":"\n