Sell Downloads 1.0.1 - Arbitrary File Disclosure

Description
Due to a lack of sanitization of user input, it is possible to download arbitrary files from the site in the context of the web server. This could lead to disclosure of server configuration or other sensitive information.

Affects

Plugin sell-downloads
fixed in version 1.0.2

References

URL https://research.g0blin.co.uk/cve-2014-9511/

Classification

Type LFI
OWASP Top 10 A1: Injection
CWE CWE-22

Miscellaneous

Submitter James Hooker
Submitter Website https://research.g0blin.co.uk
Submitter Twitter g0blinResearch
Views 100
Verified No
WPVDB ID 7732

Timeline

Added 2014-12-29 (almost 2 years ago)
Last Updated 2015-11-12 (about 1 year ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.