Summary
This host is running WordPress with the wp-FileManager plugin and is prone to a file download vulnerability.
Impact
Successful exploitation will allow remote attackers to download and read arbitrary files on the affected application.
Impact Level: Application
Solution
Upgrade to version 1.4.0 or later.
For updates, refer to http://wordpress.org/extend/plugins/wp-filemanager
Insight
Input passed via the 'path' parameter to the 'wordpress/wp-content/plugins/wp-filemanager/incl/libfile.php' script is not properly validated for '../' (dot dot) sequences before being returned to the user.
Affected
WordPress wp-FileManager Plugin before 1.4.0
Severity
Classification
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N