CVE-2015-5469

Опубликовано: 23 мая 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Средний

Описание

Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/download.php.

Ссылки

http://www.openwall.com/lists/oss-security/2015/07/07/1
Exploit
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/07/10/5
Mailing List
Third Party Advisory
http://www.vapid.dhs.org/advisory.php?v=133
Exploit
Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/07/07/1
Exploit
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/07/10/5
Mailing List
Third Party Advisory
http://www.vapid.dhs.org/advisory.php?v=133
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mdc_youtube_downloader_project:mdc_youtube_downloader:2.1.0:*:*:*:*:wordpress:*:*

EPSS

Процентиль: 98%

0.4911

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-ff9c-2v27-xqmf