'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:wordpress_aam_Plugin_arbitrary_file_reading_vulnerability(Rule ID:1070210399)

Release Date2025/9/15

Rule NameCVE-2019-25213:WordPress Plugin Advanced Access Manager aam-media Arbitrary File Reading Vulnerability

Severity:high

CVE IDCVE-2019-25213

 

Descripiton

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The Advanced-Access-Manager plugin for WordPress is vulnerable to unauthenticated arbitrary file reads in versions 5.9.8.1 and under. This allows an unauthenticated attacker to read any file on the server, including sensitive files such as wp-config.php. This rule may contain false positives. If normal services are affected, you are advised to disable this rule.
Other reference:None

 

Solution

Update vendor patches.