ChurcHope Theme <= 2.1 - Local File Inclusion (LFI)
Description | The vulnerability is caused by improper filtering of user-supplied input passed via the 'file' HTTP GET parameter to the publicly accessible '/lib/downloadlink.php' script. |
Proof of Concept |
Affects Theme
fixed in version 2.2
References
Classification
Type | LFI |
OWASP Top 10 | A1: Injection |
CWE | CWE-22 |
Miscellaneous
Submitter | Justin Smith |
Views | 2591 |
Verified | No |
WPVDB ID | 7710 |
Timeline
Added | 2014-12-07 (about 4 years ago) |
Last Updated | 2018-08-05 (6 months ago) |
Copyright & License
Copyright | All data and resources contained within this page and this web site are Copyright © The WPScan Team. |
License | Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us. |