oss-sec mailing list archives

Re: Remote file download vulnerability in ibs-Mappro v0.6 Wordpress plugin


From: cve-assign () mitre org
Date: Fri, 10 Jul 2015 16:32:38 -0400 (EDT)

Title: Remote file download vulnerability in ibs-Mappro v0.6 Wordpress plugin
Download Site: https://wordpress.org/plugins/ibs-mappro/
Vendor: Hmoore71
Vendor Notified: 2015-07-08, resolved in v1.0.
Advisory: http://www.vapid.dhs.org/advisory.php?v=137

$filename = $_GET['file'];
readfile($filename);

https://wordpress.org/plugins/ibs-mappro/changelog/
07-08/2015 Version 1.0 Fix download exposure.

https://plugins.trac.wordpress.org/changeset/1195039

Use CVE-2015-5472.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
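
Added example (not part of the original message, the advisory, or the plugin's v1.0 fix): the readfile() pattern quoted above, next to a hardened path resolver that a download handler could call before readfile(). The function name resolve_download, the maps/ base directory, the gpx/kml extension allow-list and the demo files are all assumptions constructed for illustration.

```php
<?php
// Added example; not the plugin's code and not its actual v1.0 fix.
// Pattern quoted in the message (kept only for contrast):
//   $filename = $_GET['file'];
//   readfile($filename);

// Resolve a requested name to a real file inside $baseDir, or return null.
// $baseDir and $allowedExt are assumptions made for this example.
function resolve_download(string $baseDir, string $requested, array $allowedExt): ?string
{
    // Reject empty input, NUL bytes and stream wrappers (php://, http://, file://).
    if ($requested === '' || strpos($requested, "\0") !== false
        || strpos($requested, '://') !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses ../ and symlinks, and returns false for missing files.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Containment check; the trailing separator stops "maps-old" matching "maps".
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return in_array($ext, $allowedExt, true) ? $path : null;
}

// Self-contained demo using constructed files in a temporary directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/maps', 0700, true);
file_put_contents($root . '/maps/route.gpx', '<gpx/>');
file_put_contents($root . '/wp-config.php', '<?php // constructed placeholder');

$cases = ['route.gpx', '../wp-config.php', $root . '/wp-config.php', 'php://filter/resource=route.gpx'];
foreach ($cases as $req) {
    $ok = resolve_download($root . '/maps', $req, ['gpx', 'kml']);
    printf("%-40s => %s\n", $req, $ok === null ? 'rejected' : 'served ' . basename($ok));
}
// Remove the constructed demo files.
unlink("$root/maps/route.gpx"); unlink("$root/wp-config.php");
rmdir("$root/maps"); rmdir($root);
```

Only route.gpx resolves; the traversal, absolute-path and stream-wrapper inputs are rejected before any file is read.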

