Sell Downloads 1.0.1 - Arbitrary File Disclosure
| Description | Due to the lack of sanitation of of user input, it is possible to download arbitrary files from site, under the context of the web server. This could lead to disclosure of server configuration, or other sensitive information. |
Affects Plugin
|
fixed in version 1.0.2
|
References
| URL | https://research.g0blin.co.uk/cve-2014-9511/ |
Classification
| Type | LFI |
| OWASP Top 10 | A1: Injection |
| CWE | CWE-22 |
Miscellaneous
| Submitter | James Hooker |
| Submitter Website | https://research.g0blin.co.uk |
| Submitter Twitter | g0blinResearch |
| Views | 201 |
| Verified | No |
| WPVDB ID | 7732 |
Timeline
| Added | 2014-12-29 (over 3 years ago) |
| Last Updated | 2015-11-12 (almost 3 years ago) |
Copyright & License
| Copyright | All data and resources contained within this page and this web site is Copyright © The WPScan Team. |
| License | Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us. |
