Summary
This host is running the WordPress EasyCart plugin, which is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow remote attackers to disclose detailed system information.
Impact Level: Application
Solution
Upgrade to version 2.0.6 or higher.
For updates, refer to https://wordpress.org/plugins/wp-easycart
Insight
The flaw is due to improper handling of a direct request for the /inc/admin/phpinfo.php script.
Affected
WordPress EasyCart versions 2.0.1 through 2.0.5
Detection
Send a crafted HTTP GET request and check whether it is possible to read system information.
References
Severity
Classification
CVE: CVE-2014-4942
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N