Cart66 Pro <= 1.5.3 Arbitrary File Disclosure



Description
Because a registered (non-admin) user is able to change settings, an attacker with such an account can trigger an Arbitrary File Disclosure vulnerability for any file path of their choosing.

One limitation with this vulnerability is that the target user (in the PoC, ‘test’) needs to have an account on the Cart66 installation.

Affects Plugin

fixed in version 1.5.4

References

CVE 2014-9461
URL https://research.g0blin.co.uk/cve-2014-9461/

Classification

Type LFI
OWASP Top 10 A1: Injection
CWE CWE-22

Miscellaneous

Submitter James Hooker
Submitter Website https://research.g0blin.co.uk
Submitter Twitter g0blinResearch
Views 6711
Verified No
WPVDB ID 7736

Timeline

Publicly Published 2015-01-01 (over 5 years ago)
Added 2015-01-01 (over 5 years ago)
Last Updated 2019-10-21 (9 months ago)