Summary
This host is installed with WordPress Floating Social Media Links Plugin and is prone to remote file inclusion vulnerabilities.
Impact
Successful exploitation could allow attackers to perform directory traversal attacks and read arbitrary files on the affected application.
Impact Level: Application
Solution
Upgrade to the WordPress Portable phpMyAdmin Plugin version 1.4.3 or later, For updates refer to http://wordpress.org/extend/plugins/floating-social-media-links/
Insight
The flaw is due to an improper validation of user supplied input to the 'wpp' parameter in 'fsml-hideshow.js.php' and 'fsml-admin.js.php', which allows attackers to read arbitrary files via a ../(dot dot) sequences.
Affected
WordPress Floating Social Media Links Plugin version 1.4.2 and prior
References
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- ApPHP MicroBlog Remote Code Execution Vulnerability
- AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
- admin.cgi overflow
- AlienVault OSSIM SQL Injection and Remote Code Execution Vulnerabilities
- AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities