oss-sec mailing list archives
Re: Remote file download vulnerability in Wordpress Plugin wp-swimteam v1.44.10777
From: cve-assign () mitre org
Date: Fri, 10 Jul 2015 16:31:13 -0400 (EDT)
Title: Remote file download vulnerability in Wordpress Plugin wp-swimteam v1.44.10777
Download Site: https://wordpress.org/plugins/wp-swimteam
Vendor: Mike Walsh www.MichaelWalsh.org
Vendor Notified: 2015-07-02, fixed in v1.45beta3
Advisory: http://www.vapid.dhs.org/advisory.php?v=134
include/user/download.php
$fh = fopen($file, 'r')
$txt .= fread($fh, 1024) ;
print $txt ;
(1.45beta changes are apparently not recorded at https://plugins.trac.wordpress.org/log/wp-swimteam/ or https://wordpress.org/plugins/wp-swimteam/changelog/ yet)

Use CVE-2015-5471.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
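An added example, not taken from the advisory, the vendor's fix, or this thread: one way a PHP download handler can confine a request-derived file name to a single directory before the fopen()/fread()/print sequence quoted in the message runs. The function name resolve_download, the exports directory and the sample files are assumptions constructed for illustration.

```php
<?php
// Added example, not wp-swimteam code. Assumptions: the requested name comes
// from the HTTP request, and downloads live in one directory ($baseDir).

function resolve_download(string $baseDir, string $requested): ?string
{
    // Refuse empty names, NUL bytes and stream wrappers such as php:// or http://.
    if ($requested === '' || strpos($requested, "\0") !== false
        || preg_match('#^[a-z][a-z0-9+.-]*://#i', $requested)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../" and follows symlinks; false means no such file.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Containment: the resolved path must start with "<base>/". The trailing
    // separator stops a sibling like "<base>-old" from passing the prefix test.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo data: one file inside the download directory, one outside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . getmypid();
$base = $root . DIRECTORY_SEPARATOR . 'exports';
mkdir($base, 0700, true);
file_put_contents($base . DIRECTORY_SEPARATOR . 'roster.csv', "id,name\n1,Constructed Swimmer\n");
file_put_contents($root . DIRECTORY_SEPARATOR . 'outside.txt', "not for download\n");

$samples = ['roster.csv', '../outside.txt', $root . '/outside.txt', 'php://stdin', 'missing.csv'];
foreach ($samples as $name) {
    $path = resolve_download($base, $name);
    // A real handler would call readfile($path) here instead of printing a verdict.
    printf("%-45s %s\n", $name, $path === null ? 'rejected' : 'allowed');
}

// Clean up the constructed files.
unlink($base . DIRECTORY_SEPARATOR . 'roster.csv');
unlink($root . DIRECTORY_SEPARATOR . 'outside.txt');
rmdir($base);
rmdir($root);
```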
Current thread:
- Remote file download vulnerability in Wordpress Plugin wp-swimteam v1.44.10777 Larry W. Cashdollar (Jul 08)
- Re: Remote file download vulnerability in Wordpress Plugin wp-swimteam v1.44.10777 cve-assign (Jul 10)