WP Source Control Plugin for WordPress Directory Traversal

Medium Nessus Plugin ID 77373

Synopsis

The remote web server hosts a PHP script that is affected by a directory traversal vulnerability.

Description

The remote web server hosts a version of the WP Source Control plugin for WordPress that is affected by a directory traversal vulnerability because user-supplied input to the 'path' parameter of the 'downloadfiles/download.php' script is not properly sanitized.
A remote, unauthenticated attacker can therefore read arbitrary files by sending a specially crafted request containing directory traversal sequences.
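As an added defender-side example (not part of the Nessus plugin or the vendor's code), the following Python snippet scans web-server access-log lines for requests to the 'downloadfiles/download.php' script whose 'path' parameter carries directory traversal sequences, including URL-encoded and double-encoded variants. The plugin install path under wp-content and the log lines themselves are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (Apache combined format). The plugin
# directory "wp-source-control" is an assumed install path, not taken from the page.
SAMPLE_LOG = """\
203.0.113.5 - - [25/Aug/2014:10:01:02 +0000] "GET /wp-content/plugins/wp-source-control/downloadfiles/download.php?path=../../../../wp-config.php HTTP/1.1" 200 2311 "-" "curl/7.35.0"
203.0.113.5 - - [25/Aug/2014:10:01:05 +0000] "GET /wp-content/plugins/wp-source-control/downloadfiles/download.php?path=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200 2311 "-" "curl/7.35.0"
198.51.100.7 - - [25/Aug/2014:10:02:00 +0000] "GET /wp-content/plugins/wp-source-control/downloadfiles/download.php?path=exports/site.zip HTTP/1.1" 200 90122 "-" "Mozilla/5.0"
198.51.100.7 - - [25/Aug/2014:10:02:30 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Extract the request target from the quoted request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A ".." path segment delimited by "/" or "\" (or by the start/end of the value).
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')


def has_traversal(value: str, max_decode: int = 3) -> bool:
    """Return True if the value contains a traversal segment, after peeling
    up to max_decode layers of URL encoding (catches %2e%2e%2f and %252e...)."""
    seen = value
    for _ in range(max_decode):
        if TRAVERSAL_RE.search(seen):
            return True
        decoded = unquote(seen)
        if decoded == seen:  # nothing left to decode
            break
        seen = decoded
    return bool(TRAVERSAL_RE.search(seen))


def find_traversal_requests(log_text: str):
    """Return (client_ip, path_value) for each log line that requests
    downloadfiles/download.php with a traversal sequence in 'path'."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/downloadfiles/download.php"):
            continue
        # parse_qs performs one URL-decode; has_traversal handles further layers.
        params = parse_qs(parts.query, keep_blank_values=True)
        for value in params.get("path", []):
            if has_traversal(value):
                hits.append((line.split(" ", 1)[0], value))
                break
    return hits
```

Only requests to the affected script are inspected, so ordinary downloads within the intended directory (third sample line) are not flagged.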

Solution

Unknown at this time.

See Also

https://seclists.org/oss-sec/2014/q3/407

Plugin Details

Severity: Medium

ID: 77373

File Name: wordpress_wp_source_control_file_disclosure.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 8/25/2014

Updated: 6/6/2024

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:wordpress:wordpress

Required KB Items: installed_sw/WordPress, www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 8/19/2014

Reference Information

CVE: CVE-2014-5368

BID: 69278