Vulnerability CVE-2012-6512
Published: 2013-01-23   Modified: 2013-01-24

Description:
The Organizer plugin 1.2.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors to (1) plugin_hook.php, (2) page/index.php, (3) page/dir.php (4) page/options.php, (5) page/resize.php, (6) page/upload.php, (7) page/users.php, or (8) page/view.php.

Type:

CWE-200

 (Information Exposure)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Organizer project -> Organizer 
Jeff sterup -> Plugin-organizer 

 References:
http://packetstormsecurity.org/files/112086/WordPress-Organizer-1.2.1-Cross-Site-Scripting-Path-Disclosure.html
http://websecurity.com.ua/5782
https://exchange.xforce.ibmcloud.com/vulnerabilities/75107
Copyright 2024, cxsecurity.com

 

Back to Top