oss-sec mailing list archives
Re: Remote file download vulnerability in ibs-Mappro v0.6 Wordpress plugin
From: cve-assign () mitre org
Date: Fri, 10 Jul 2015 16:32:38 -0400 (EDT)
Title: Remote file download vulnerability in ibs-Mappro v0.6 Wordpress plugin
Download Site: https://wordpress.org/plugins/ibs-mappro/
Vendor: Hmoore71
Vendor Notified: 2015-07-08, resolved in v1.0.
Advisory: http://www.vapid.dhs.org/advisory.php?v=137
$filename = $_GET['file'];
readfile($filename);
https://wordpress.org/plugins/ibs-mappro/changelog/
07-08/2015 Version 1.0
Fix download exposure.
https://plugins.trac.wordpress.org/changeset/1195039
Use CVE-2015-5472.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
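The snippet quoted in the message passes a request parameter straight to readfile(). As an added illustration (not part of the original message, and not the plugin's own fix from the changeset above), one hardened form resolves the requested name inside a fixed directory and allowlists extensions. The function name, the directory layout and the extension list are assumptions.

```php
<?php
// Added example: not the plugin's code. Directory layout and extension
// allowlist are assumptions made for illustration.

/** Map a requested name to a real file under $baseDir, or null if refused. */
function resolve_download(string $baseDir, string $requested, array $allowedExt): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '') {
        return null;
    }
    // Accept a bare file name only: no path separators, no NUL bytes.
    if (strpbrk($requested, '/\\') !== false || strpos($requested, "\0") !== false) {
        return null;
    }
    $ext = strtolower(pathinfo($requested, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return null;
    }
    // realpath() resolves symlinks, so a link pointing outside is caught below.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo data in a throwaway directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/maps', 0700, true);
file_put_contents($root . '/maps/route.gpx', '<gpx/>');
file_put_contents($root . '/maps/notes.txt', 'wrong type');
file_put_contents($root . '/secret.txt', 'not for download');

$requests = ['route.gpx', '../secret.txt', $root . '/secret.txt', 'notes.txt', 'missing.gpx'];
foreach ($requests as $req) {
    $path = resolve_download($root . '/maps', $req, ['gpx', 'kml']);
    printf("%-8s %s\n", $path === null ? 'refused' : 'served', $req);
    // A real handler would answer 404 on null; otherwise it would set
    // Content-Type / Content-Disposition and call readfile($path).
}

array_map('unlink', [$root . '/maps/route.gpx', $root . '/maps/notes.txt', $root . '/secret.txt']);
rmdir($root . '/maps');
rmdir($root);
```

Only the first request is served; the other four are refused on the separator check, the extension allowlist or the missing file.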
Current thread:
- Remote file download vulnerability in ibs-Mappro v0.6 Wordpress plugin Larry W. Cashdollar (Jul 09)
- <Possible follow-ups>
- Remote file download vulnerability in ibs-Mappro v0.6 Wordpress plugin Larry W. Cashdollar (Jul 09)
- Re: Remote file download vulnerability in ibs-Mappro v0.6 Wordpress plugin cve-assign (Jul 10)