PT-2008-2240 · WordPress · Dmsguestbook

Nbbn

Publicado

2008-02-06

Atualizado

2023-08-02

CVE-2008-0615

CVSS v2.0

4.0

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions DMSGuestbook plugin for WordPress versions 1.7.0 through 1.8.0

Description A directory traversal issue exists, allowing remote authenticated users to read arbitrary files. This is achieved by using a .. (dot dot) in the folder and file parameters.

Recommendations For DMSGuestbook plugin for WordPress versions 1.7.0 through 1.8.0, consider restricting access to the admin.php file in the wp-admin directory until a patch is available. As a temporary workaround, avoid using the folder and file parameters in the affected API endpoint.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2008-0615

Produtos afetados

Dmsguestbook

PT-2008-2240 · WordPress · Dmsguestbook

CVE-2008-0615

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7