oss-sec mailing list archives
Re: Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5
From: cve-assign () mitre org
Date: Fri, 10 Jul 2015 16:28:17 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Title: Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5 Download Site: https://wordpress.org/plugins/wp-ecommerce-shop-styling Vendor: https://profiles.wordpress.org/haet/ Vendor Notified: 2015-07-05, fixed in version 2.6. Vendor Contact: http://wpshopstyling.com readfile(HAET_INVOICE_PATH.$_GET['filename']); /wp-content/plugins/wp-ecommerce-shop-styling/includes/download.php?filename=../../../../../../../../../etc/passwd
https://wordpress.org/plugins/wp-ecommerce-shop-styling/changelog/ 2.6: fixed security bug
https://plugins.trac.wordpress.org/changeset/1193456
Code added in 2.6: if( strpos($_GET['filename'], '/') !== FALSE ) die(); if( strrpos( strtolower($_GET['filename']), '.pdf') !== strlen($_GET['filename'])-4 ) die(); Use CVE-2015-5468. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVoCmfAAoJEKllVAevmvmsBY0H/2Mn/yxrMrQxOZe58AssL+SJ TCeDkR+HtXqXMTi2xrWVUkyJI9db6bMu8RbbHOUz6YOM/CjmLVNrpIpgGro6xvIP +KW7rynEPnEgg4q+uRfo9C762FiVcWJqlbs4NtfCRCumOi3ZgG2ZIOMeu5ihmjyr iYkiaS4Rc2Yy6KtUb28iipzLtqDz6FduRbuMvlqb2c53cypQBLPCSrHpE9O5l7Nr f1jPvxWIiPZzOLu6RrAz6nabuoYFsWLmPfcV+6UKfCFMiSEbAs0b9rUT1pea7Z5P 1xXe70Rh8OYomFG1EuamnD6jJcgQzgTaoSKYXCRh9dteDGnWSsChd624Vo/GuLw= =g0mR -----END PGP SIGNATURE-----
Current thread:
- Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5 Larry W. Cashdollar (Jul 06)
- Re: Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5 cve-assign (Jul 10)