PT-2019-7073 · WordPress · Antioch Theme
Published
2019-09-20
·
Updated
2019-09-23
·
CVE-2014-10397
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Antioch theme for WordPress versions through 2014-09-07
Description
The issue allows arbitrary file downloads via the
file parameter to "lib/scripts/download.php". This enables unauthorized access to files on the system.Recommendations
For Antioch theme for WordPress versions through 2014-09-07, avoid using the
file parameter in the "lib/scripts/download.php" endpoint until the issue is resolved. Consider restricting access to the "lib/scripts/download.php" script to minimize the risk of exploitation.Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Antioch Theme