Vulnerability CVE-2015-5065


Published: 2015-06-24

Description:
Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter.

Type: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software:
Paypal currency converter basic for woocommerce project -> Paypal currency converter basic for woocommerce 
Intelligent-it -> Paypal currency converter basic for woocommerce 

References:
http://packetstormsecurity.com/files/132278/WordPress-Paypal-Currency-Converter-Basic-For-Woocommerce-1.3-File-Read.html
http://www.securityfocus.com/bid/75416
https://plugins.trac.wordpress.org/changeset/1179092/paypal-currency-converter-basic-for-woocommerce
https://wordpress.org/plugins/paypal-currency-converter-basic-for-woocommerce/changelog/
https://www.exploit-db.com/exploits/37253/

Copyright 2024, cxsecurity.com

 
