PT-2017-12154 · Innovatech · Wp Rocket

Publicado

2017-07-26

·

Atualizado

2017-08-04

·

CVE-2017-11658

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions WP Rocket plugin version 2.9.3
Description The issue concerns the Local File Inclusion mitigation technique in the WP Rocket plugin, which trims traversal characters (..) but is insufficient to prevent remote attacks. This weakness can be exploited by using 0x00 bytes, as shown in a .%00.../.%00.../ attack.
Recommendations For WP Rocket plugin version 2.9.3, consider disabling the Local File Inclusion feature until a patch is available to prevent potential remote attacks.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2017-11658

Produtos afetados

Wp Rocket