Vulnerability CVE-2015-7669


Published: 2017-12-27

Description:
Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file functionality."

See advisories in our WLB2 database:
Topic
Author
Date
Med.
WordPress Easy2Map 1.2.9 Local File Inclusion / Directory Traversal
Ibéria Medeiros
06.10.2015

Type:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.securityfocus.com/archive/1/archive/1/536597/100/0/threaded
https://wordpress.org/plugins/easy2map/#developers
https://wpvulndb.com/vulnerabilities/8206

Copyright 2018, cxsecurity.com

 

Back to Top