WordPress Ajax Store Locator Plugin Directory Traversal Vulnerability Network Vulnerability

Summary

This host is installed with WordPress Ajax Store Locator Plugin and is prone to directory traversal vulnerability.

Impact

Successful exploitation will allow attacker to read arbitrary files on the target system. Impact Level: System/Application

Solution

No solution or patch is available as of 20th February, 2015. Information regarding this issue will updated once the solution details are available. For updates refer to http://codecanyon.net/item/ajax-store-locator-wordpress/5293356

Insight

Input passed via the 'download_file' parameter to the sl_file_download.php script is not properly sanitized before being returned to the user.

Affected

WordPress Ajax Store Locator version 1.2 and prior.

Detection

Send a crafted data via HTTP GET request and check whether it is possible to read a local file

References

http://osvdb.org/115595
http://www.exploit-db.com/exploits/35493

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

AlienForm CGI script
Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
Apache Archiva Home Page Cross-Site Scripting vulnerability
Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities