CVE-2012-0896
published 2012-01-20CVE-2012-0896: Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files…
PriorityP343medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
25.22%
97.7th percentile
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| count_per_day_project | count_per_day | — | — |
| count_per_day_project | count_per_day | — | — |
| count_per_day_project | count_per_day | — | — |
| count_per_day_project | count_per_day | — | — |
| tom_braider | count_per_day | <= 3.1 | — |
| tom_braider | count_per_day | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
WordPress Plugin Count Per Day - Multiple Vulnerabilities
exploitdb·2012-01-12
CVE-2012-0896 WordPress Plugin Count Per Day - Multiple Vulnerabilities
WordPress Plugin Count Per Day - Multiple Vulnerabilities
---
#Exploit Title: Count-per-day Wordpress plugin Arbitrary file download and XSS
#Version: '
Nuclei
Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access
nuclei·CVSS 5.0
CVE-2012-0896 [MEDIUM] Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access
Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access
An absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
Template:
id: CVE-2012-0896
info:
name: Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access
author: daffainfo
severity: medium
description: An absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
impact: |
An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access, data leakage, or further compromise of the system.
http://osvdb.org/78270http://packetstormsecurity.org/files/108631/countperday-downloadxss.txthttp://plugins.trac.wordpress.org/changeset/488883/count-per-dayhttp://secunia.com/advisories/47529http://wordpress.org/extend/plugins/count-per-day/changelog/http://www.exploit-db.com/exploits/18355http://www.securityfocus.com/bid/51402https://exchange.xforce.ibmcloud.com/vulnerabilities/72385http://osvdb.org/78270http://packetstormsecurity.org/files/108631/countperday-downloadxss.txthttp://plugins.trac.wordpress.org/changeset/488883/count-per-dayhttp://secunia.com/advisories/47529http://wordpress.org/extend/plugins/count-per-day/changelog/http://www.exploit-db.com/exploits/18355http://www.securityfocus.com/bid/51402https://exchange.xforce.ibmcloud.com/vulnerabilities/72385
2012-01-20
Published