Описание
Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| knowledgeroot | not-affected | package | ||
| moodle | not-affected | package | ||
| wordpress | fixed | 2.5.1-3 | package | |
| wordpress | not-affected | etch | package |
Примечания
this was possibly fixed before 2.5.1 in wordpress but since 2.5.1-3 wordpress
uses the system copy of tinymce and the exact fixed version is not
really determinably anymore
EPSS
Связанные уязвимости
Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter.
Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter.
EPSS