oss-sec mailing list archives
Re: CVE request: WordPress plugin wppageflip index.php pageflipbook_language parameter traversal local file inclusion
From: cve-assign () mitre org
Date: Thu, 31 Jul 2014 11:45:09 -0400 (EDT)
> Can I get 2012 CVE for following vulnerability in A Page Flip Book plugin for WordPress (wppageflip)
> http://wordpress.org/support/topic/pageflipbook-pageflipbook_language-parameter-local-file-inclusion
> http://ceriksen.com/2012/07/10/wordpress-a-page-flip-book-plugin-local-file-inclusion-vulnerability/
> input passed to the wp-content/plugins/wppageflip/pageflipbook.php script from index.php is not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'pageflipbook_language' parameter

The wording seems a bit garbled ("is not properly sanitizing user input" should probably be "is not properly sanitized") but it's fairly obvious what is meant.

Use CVE-2012-6652.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
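For defenders reviewing web server logs for this issue, the following is an added example (not part of the original message or the plugin's code) that flags requests whose 'pageflipbook_language' value contains traversal sequences, including percent-encoded and double-encoded forms. It assumes the parameter is visible in the logged request line; the log lines, file names and helper names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

PARAM = "pageflipbook_language"  # parameter named in the CVE request
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format, documentation IP range).
SAMPLE_LOG = [
    '192.0.2.10 - - [31/Jul/2014:11:45:09 -0400] "GET /index.php?pageflipbook_language=en HTTP/1.1" 200 512',
    '192.0.2.11 - - [31/Jul/2014:11:45:10 -0400] "GET /index.php?pageflipbook_language=../../somefile%00 HTTP/1.1" 200 1843',
    '192.0.2.12 - - [31/Jul/2014:11:45:11 -0400] "GET /index.php?pageflipbook_language=%252e%252e%252f%252e%252e%252fsomefile HTTP/1.1" 200 20',
    '192.0.2.13 - - [31/Jul/2014:11:45:12 -0400] "GET /index.php?page=../x HTTP/1.1" 404 0',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is exposed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the decoded value could escape the intended directory."""
    v = fully_decode(value).replace("\\", "/")
    # A '..' path segment, an absolute path, or a NUL byte is never a
    # legitimate language name.
    return ".." in v.split("/") or v.startswith("/") or "\x00" in v

def scan(log_lines):
    """Return (line_number, decoded_value) for each suspicious request."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name == PARAM and is_traversal(value):
                hits.append((lineno, fully_decode(value)))
    return hits

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: suspicious {PARAM}={value!r}")
```

If the parameter is sent in a request body instead, the same `is_traversal` check applies to whatever source records the body.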
Current thread:
- CVE request: WordPress plugin wppageflip index.php pageflipbook_language parameter traversal local file inclusion Henri Salo (Jul 30)
- Re: CVE request: WordPress plugin wppageflip index.php pageflipbook_language parameter traversal local file inclusion cve-assign (Jul 31)