Summary
This host is installed with WordPress WPtouch plugin and is prone to path disclosure vulnerability.
Impact
Successful exploitation will allow attacker to gain sensitive information like installation path.
Impact Level: Application
Solution
Upgrade to version 1.9.8.1 or later,
For Updated refer to http://wordpress.org/plugins/wptouch
Insight
Flaws is due to error in the php files in plugin folder and subfolders.
Affected
WPtouch version 1.9.7.1 and prior
Detection
Send a HTTP GET request and check whether it is able to disclose the path or not.
References
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Tomcat Directory Listing and File disclosure
- Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
- Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
- Adobe ColdFusion Unspecified Information Disclosure Vulnerability
- Apache Roller 'q' Parameter Cross Site Scripting Vulnerability