Newsletter Plugin for WordPress 'preview.php' 'data' Parameter Directory Traversal

medium Nessus Plugin ID 65764

Synopsis

The remote web server contains a PHP script that is affected by a directory traversal vulnerability.

Description

The Newsletter Plugin for WordPress installed on the remote host is affected by a directory traversal vulnerability. The issue is due to the 'plugins/plugin-newsletter/preview.php' script failing to properly sanitize input to that 'data' parameter. This allows a remote attacker to view the contents of files located outside of the server's root directory by sending a URI that contains directory traversal characters.

Solution

Unknown at this time.

Plugin Details

Severity: Medium

ID: 65764

File Name: wordpress_newsletter_preview_directory_traversal.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 4/1/2013

Updated: 6/5/2024

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:wordpress:wordpress

Required KB Items: installed_sw/WordPress, www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Exploited by Nessus: true

Vulnerability Publication Date: 5/31/2012

Reference Information

CVE: CVE-2012-3588

BID: 53900