CVE-2012-0896

Sažetak

Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.

Reference

http://osvdb.org/78270
http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt
http://plugins.trac.wordpress.org/changeset/488883/count-per-day
http://secunia.com/advisories/47529
http://wordpress.org/extend/plugins/count-per-day/changelog/
http://www.exploit-db.com/exploits/18355
http://www.securityfocus.com/bid/51402
https://exchange.xforce.ibmcloud.com/vulnerabilities/72385

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

13-07-2020 - 10:51

Objavljeno

20-01-2012 - 17:55