oss-sec mailing list archives
CVE request: WordPress plugin wppageflip index.php pageflipbook_language parameter traversal local file inclusion
From: Henri Salo <henri () nerv fi>
Date: Wed, 30 Jul 2014 16:38:46 +0300
Can I get 2012 CVE for following vulnerability in A Page Flip Book plugin for WordPress (wppageflip), thanks. Description: A Page Flip Book Plugin for WordPress contains a flaw that may allow a remote attacker to execute arbitrary commands or code. This issue is triggered when input passed to the wp-content/plugins/wppageflip/pageflipbook.php script from index.php is not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'pageflipbook_language' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. Plugin page: http://wordpress.org/plugins/wppageflip/ Discussion: http://wordpress.org/support/topic/pageflipbook-pageflipbook_language-parameter-local-file-inclusion Related: http://ceriksen.com/2012/07/10/wordpress-a-page-flip-book-plugin-local-file-inclusion-vulnerability/ http://secunia.com/advisories/49505/ I was unable to reproduce this vulnerability in version 3.0 of this plugin so fixed in the latest version at least. Other versions not tested. --- Henri Salo
Attachment:
signature.asc
Description: Digital signature
Current thread:
- CVE request: WordPress plugin wppageflip index.php pageflipbook_language parameter traversal local file inclusion Henri Salo (Jul 30)