WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion

2020.02.11
Risk: Medium
Local: Yes
Remote: Yes
CVE: N/A
CWE: N/A

[-] Title : WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion [-] Author : mehran feizi [-] Vendor : https://wordpress.org/plugins/ultimate-member/ [-] Category : Webapps [-] Date : 2020-02-11 Vulnerable Page: /class-admin-upgrade.php Vulnerable Source: 354: if(empty($_POST['pack'])) else 356: include_once include_once $this->packages_dir . DIRECTORY_SEPARATOR . $_POST['pack'] . DIRECTORY_SEPARATOR . 'init.php'; Exploit: localhost/wp-content/plugins/worprees plugin bug dar/ultimate-member/includes/admin/core/class-admin-upgrade.php


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top