PT-2019-7432 · WordPress · Estrutura-Basica
Published
2019-10-10
·
Updated
2019-10-15
·
CVE-2015-9473
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
estrutura-basica theme versions through 2015-09-13
Description
The issue concerns directory traversal in the estrutura-basica theme for WordPress. This is achieved via the
arquivo parameter in the "scripts/download.php" endpoint.Recommendations
For versions through 2015-09-13, consider restricting access to the "scripts/download.php" endpoint until a fix is available. As a temporary workaround, avoid using the
arquivo parameter in the affected endpoint to minimize the risk of exploitation.Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Estrutura-Basica