PT-2007-3806 · WordPress · Wordtube Plugin For Wordpress

K-159

Publicado

2007-05-03

Atualizado

2018-10-16

CVE-2007-2482

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions wordTube plugin for WordPress versions 1.43 and earlier

Description The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the wpPATH parameter when register globals is enabled.

Recommendations For wordTube plugin for WordPress versions 1.43 and earlier, consider disabling the wpPATH parameter or restricting its use until a patch is available. Additionally, disabling register globals can help mitigate the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2007-2482

Produtos afetados

Wordtube Plugin For Wordpress

PT-2007-3806 · WordPress · Wordtube Plugin For Wordpress

CVE-2007-2482

Identificadores relacionados

Produtos afetados

Referências · 13