Summary
This host is installed with the WordPress DukaPress plugin and is prone to a directory traversal vulnerability.
Impact
Successful exploitation will allow remote
attackers to download arbitrary files.
Impact Level: Application
Solution
Upgrade to version 2.5.4 or higher.
For updates refer to https://wordpress.org/plugins/dukapress
Insight
The flaw is due to the dp_img_resize function in the php/dp-functions.php script not properly sanitizing user input supplied through the 'src' parameter of lib/dp_image.php; a value containing path traversal sequences such as '../' is not rejected.
Affected
WordPress DukaPress plugin before 2.5.4
Detection
Send crafted data via an HTTP GET request and check whether it is able to read arbitrary files or not.
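As an added example (not part of this advisory or of the DukaPress plugin), the following Python snippet shows how a defender could spot the request pattern described in the Insight and Detection sections in web server access logs: it parses constructed, Apache-style sample lines and reports GET requests to lib/dp_image.php whose 'src' parameter contains a parent-directory segment, including single- and double-URL-encoded forms. The log format, the sample lines and the plugin path prefix are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access log lines (assumed Apache combined-style format, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2015:10:00:01 +0000] "GET /wp-content/plugins/dukapress/lib/dp_image.php?src=uploads/2015/01/photo.jpg&w=120 HTTP/1.1" 200 4523
203.0.113.9 - - [10/Jan/2015:10:00:07 +0000] "GET /wp-content/plugins/dukapress/lib/dp_image.php?src=../../../../private.txt HTTP/1.1" 200 3104
203.0.113.9 - - [10/Jan/2015:10:00:09 +0000] "GET /wp-content/plugins/dukapress/lib/dp_image.php?src=..%2F..%2Fnotes.txt HTTP/1.1" 200 3104
198.51.100.2 - - [10/Jan/2015:10:01:00 +0000] "GET /index.php?p=12 HTTP/1.1" 200 8812
"""

# Only the fields needed here are captured: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def has_traversal(value: str) -> bool:
    """True if the value contains a '..' path segment after decoding.

    Decoding twice catches both single-encoded (%2e%2e%2f) and
    double-encoded (%252e%252e%252f) traversal sequences.
    """
    decoded = unquote(unquote(value))
    normalized = decoded.replace("\\", "/")  # treat backslashes as separators too
    return any(segment == ".." for segment in normalized.split("/"))


def find_dukapress_traversal(log_text: str) -> list[dict]:
    """Return one record per request to lib/dp_image.php whose 'src' contains traversal."""
    hits = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # unparseable line; skip rather than fail the whole scan
        parts = urlsplit(match.group("target"))
        if not parts.path.endswith("/lib/dp_image.php"):
            continue
        params = parse_qs(parts.query, keep_blank_values=True)  # decodes once
        for src in params.get("src", []):
            if has_traversal(src):
                hits.append({
                    "ip": match.group("ip"),
                    "ts": match.group("ts"),
                    "src": unquote(src),
                    "status": int(match.group("status")),
                })
    return hits
```

A status of 200 on a flagged request is a sign the file was actually served and the host should be treated as compromised until the upgrade is confirmed.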
Severity
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Classification
CVE: CVE-2014-8799