exploitDog

CVE-2015-5609

Опубликовано: 23 мая 2017

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php.

Ссылки

http://www.openwall.com/lists/oss-security/2015/07/13/10
Exploit
Mailing List
http://www.openwall.com/lists/oss-security/2015/07/21/1
Exploit
Mailing List
http://www.vapid.dhs.org/advisory.php?v=135
Exploit
Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/07/13/10
Exploit
Mailing List
http://www.openwall.com/lists/oss-security/2015/07/21/1
Exploit
Mailing List
http://www.vapid.dhs.org/advisory.php?v=135
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:image-export_project:image-export:1.1:*:*:*:*:wordpress:*:*

EPSS

Процентиль: 79%

0.01234

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-7394-mpvp-x94f

CVSS3: 9.1

github

больше 3 лет назад

Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php.

EPSS

Процентиль: 79%

0.01234

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-22