CVE-2013-7240

Published: 03/01/2014 Updated: 25/02/2014
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the dew_file parameter.

Vulnerable Product

westerndeal advanced_dewplayer 1.2

wordpress wordpress -

Exploits

source: www.securityfocus.com/bid/64587/info. The Advanced Dewplayer plugin for WordPress is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. Advanced Dewplayer 1.2 is vul ...

Github Repositories

README and exploit descriptions

CST312-WordPressExploits: README and exploit descriptions. Project 7 - WordPress Pentesting. Time spent: 4 hours spent in total. Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress. Pentesting Report (Required). Vulnerability Name or ID: Directory Indexing. Summary: Vulnerability types: Passive. Tested in version: All. Fixed