Sell Downloads 1.0.1 - Arbitrary File Disclosure
| Description |
Due to the lack of sanitation of of user input, it is possible to download arbitrary files from site, under the context of the web server. This could lead to disclosure of server configuration, or other sensitive information. |
Affects Plugin
|
|
References
| URL | https://research.g0blin.co.uk/cve-2014-9511/ |
Classification
| Type | LFI |
| OWASP Top 10 | A1: Injection |
| CWE | CWE-22 |
Miscellaneous
| Submitter | James Hooker |
| Submitter Website | https://research.g0blin.co.uk |
| Submitter Twitter | g0blinResearch |
| Views | 4626 |
| Verified | No |
| WPVDB ID | 7732 |
Timeline
| Publicly Published | 2014-12-29 (over 5 years ago) |
| Added | 2014-12-29 (over 5 years ago) |
| Last Updated | 2019-10-21 (9 months ago) |
Our Other Services
| Online WordPress Vulnerability Scanner | WPScan WordPress Security Plugin |
