Summary
This host has the WordPress HTML5 MP3 Player with Playlist plugin installed and is prone to a path disclosure vulnerability.
Impact
Successful exploitation will allow remote attackers to disclose the software's installation path, resulting in a loss of confidentiality.
Impact Level: Application
Solution
Upgrade to version 2.7 or higher.
For updates, refer to https://wordpress.org/plugins/html5-mp3-player-with-playlist
Insight
The flaw is triggered when a remote attacker sends a direct request for the /html5plus/playlist.php script.
Affected
WordPress HTML5 MP3 Player with Playlist Free plugin before 2.7
Detection
Send crafted data via an HTTP GET request and check whether the response discloses the installation path.
References
Severity
Classification
CVE: CVE-2014-9177
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N