CVE-2015-4703

Опубликовано: 12 янв. 2016

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

Absolute path traversal vulnerability in mysqldump_download.php in the WordPress Rename plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the dumpfname parameter.

Ссылки

http://packetstormsecurity.com/files/132460/WordPress-WP-Instance-Rename-1.0-File-Download.html
Exploit
Patch
http://www.openwall.com/lists/oss-security/2015/06/23/5
Exploit
Patch
http://www.securityfocus.com/bid/75394
http://www.vapid.dhs.org/advisory.php?v=127
Exploit
https://wpvulndb.com/vulnerabilities/8055
Exploit
http://packetstormsecurity.com/files/132460/WordPress-WP-Instance-Rename-1.0-File-Download.html
Exploit
Patch
http://www.openwall.com/lists/oss-security/2015/06/23/5
Exploit
Patch
http://www.securityfocus.com/bid/75394
http://www.vapid.dhs.org/advisory.php?v=127
Exploit
https://wpvulndb.com/vulnerabilities/8055
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rename_project:rename:1.0:*:*:*:*:wordpress:*:*

EPSS

Процентиль: 74%

0.00797

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-cwwc-wpgx-3wj6