Sell Downloads 1.0.1 - Arbitrary File Disclosure
Description | Due to the lack of sanitization of user input, it is possible to download arbitrary files from the site, under the context of the web server. This could lead to disclosure of server configuration or other sensitive information. |
Affects Plugin
fixed in version 1.0.2 |
References
URL | https://research.g0blin.co.uk/cve-2014-9511/ |
Classification
Type | LFI |
OWASP Top 10 | A1: Injection |
CWE | CWE-22 |
Miscellaneous
Submitter | James Hooker |
Submitter Website | https://research.g0blin.co.uk |
Submitter Twitter | g0blinResearch |
Views | 147 |
Verified | No |
WPVDB ID | 7732 |
Timeline
Added | 2014-12-29 (over 3 years ago) |
Last Updated | 2015-11-12 (over 2 years ago) |
Copyright & License
Copyright | All data and resources contained within this page and this web site are Copyright © The WPScan Team. |
License | Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us. |