Description
Invicti determined that it was possible to access SolarWinds Orion's sensitive files without authentication with a specially crafted HTTP request.
Remediation
Upgrade to the latest version of SolarWinds Orion
References
Related Vulnerabilities
WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Security Bypass (0.1.0.44)
WordPress Plugin BAVOKO SEO Tools-All-in-One WordPress SEO Security Bypass (2.1.9.7)
WordPress Plugin Thrive Optimize Security Bypass (1.4.13.2)
WordPress Plugin Catch Import Export Security Bypass (1.8)
WordPress Plugin Ultimate Addons for Elementor Security Bypass (1.20.0)