Summary
This host has the WordPress WP ecommerce Shop Styling Plugin installed and is prone to a remote file inclusion vulnerability.
Impact
Successful exploitation may allow an attacker to obtain sensitive information, which can lead to launching further attacks.
Impact Level: Application
Solution
Upgrade to version 1.8 or higher.
For updates refer to http://wordpress.org/plugins/wp-ecommerce-shop-styling
Insight
Input passed via the 'id' HTTP GET parameter to the /lp/index.php script is not properly sanitised before being returned to the user.
Affected
WordPress WP ecommerce Shop Styling Plugin version 1.7.2. Other versions may also be affected.
Detection
Send crafted data via an HTTP GET request and check whether it is able to read the cookie or not.
References
Severity
Classification
CVE: CVE-2013-0724
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability
- 68designs 68kb Multiple Remote File Include Vulnerabilities
- Apache Tomcat AJP Protocol Security Bypass Vulnerability
- Adobe ColdFusion Multiple Vulnerabilities-02 May-2014
- Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability