CVE-2013-7240
Published 2014-01-03
Priority: P3 (44), medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
EXPLOIT
EPSS: 19.64% (97.1th percentile)
Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| westerndeal | advanced_dewplayer | — | — |
No detection rules found.
Exploit-DB
WordPress Plugin Advanced Dewplayer - 'download-file.php' Script Directory Traversal
exploitdb·2013-12-30
---
source: https://www.securityfocus.com/bid/64587/info
The Advanced Dewplayer plugin for WordPress is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks.
Advanced Dewplayer 1.2 is vulnerable; other versions may also be affected.
http://www.example.com/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php?dew_file=../../../../wp-config.php
Nuclei
WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal
nuclei·CVSS 5.0
A directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.
Template:
```yaml
id: CVE-2013-7240

info:
  name: WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal
  author: daffainfo
  severity: medium
  description: A directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.
  impact: |
    An attacker can exploit this vulnerability to access sensitive files, potentially leading to unauthorized disclosure of sensitive information.
  remediation: |
    Update to th
```
No writeups or analysis indexed.
http://seclists.org/oss-sec/2013/q4/566
http://seclists.org/oss-sec/2013/q4/570
http://wordpress.org/support/topic/security-vulnerability-cve-2013-7240-directory-traversal
http://www.securityfocus.com/bid/64587
Published: 2014-01-03