exploitDog

CVE-2014-9014

Опубликовано: 06 нояб. 2019

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter.

Ссылки

https://security.szurek.pl/wp-marketplace-240-arbitrary-file-download.html
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/36466/
Exploit
Third Party Advisory
VDB Entry
https://security.szurek.pl/wp-marketplace-240-arbitrary-file-download.html
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/36466/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpmarketplace_project:wpmarketplace:2.4.0:*:*:*:*:wordpress:*:*

EPSS

Процентиль: 90%

0.05247

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-62vx-c83j-rc73

github

больше 3 лет назад

Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter.

EPSS

Процентиль: 90%

0.05247

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22