exploitDog

CVE-2018-16299

Опубликовано: 24 сент. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Высокий

Описание

The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter.

Ссылки

http://seclists.org/fulldisclosure/2018/Sep/33
Exploit
Mailing List
Third Party Advisory
https://github.com/julianburr/wp-plugin-localizemypost/issues/1
Broken Link
Third Party Advisory
https://packetstormsecurity.com/files/149433/WordPress-Localize-My-Post-1.0-Local-File-Inclusion.html
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/45439/
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2018/Sep/33
Exploit
Mailing List
Third Party Advisory
https://github.com/julianburr/wp-plugin-localizemypost/issues/1
Broken Link
Third Party Advisory
https://packetstormsecurity.com/files/149433/WordPress-Localize-My-Post-1.0-Local-File-Inclusion.html
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/45439/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:localize_my_post_project:localize_my_post:1.0:*:*:*:*:wordpress:*:*

EPSS

Процентиль: 99%

0.84841

Высокий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-xrjq-xm6p-qjxc

CVSS3: 7.5

github

больше 3 лет назад

The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter.

EPSS

Процентиль: 99%

0.84841

Высокий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22