Sell Downloads 1.0.1 - Arbitrary File Disclosure



Description
Due to the lack of sanitization of user input, it is possible to download arbitrary files from the site, in the context of the web server. This could lead to disclosure of server configuration or other sensitive information.

Affects Plugin

fixed in version 1.0.2

References

URL https://research.g0blin.co.uk/cve-2014-9511/

Classification

Type LFI
OWASP Top 10 A1: Injection
CWE CWE-22

Miscellaneous

Submitter James Hooker
Submitter Website https://research.g0blin.co.uk
Submitter Twitter g0blinResearch
Views 4626
Verified No
WPVDB ID 7732

Timeline

Publicly Published 2014-12-29 (over 5 years ago)
Added 2014-12-29 (over 5 years ago)
Last Updated 2019-10-21 (9 months ago)
