CVE-2014-4577
Published 2014-10-21
Priority: P336 · medium · 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 3.75% (88.5th percentile)
Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| websupporter | wp_amasin_the_amazon_affiliate_shop | <= 0.9.6 | — |
Suricata
ET WEB_SERVER Generic PHP Remote File Include
suricata·2014-12-17
CVE-2002-0953 ET WEB_SERVER Generic PHP Remote File Include
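The rule below lists cve,2002-0953 and cve,2024-4577 in its reference fields and matches POST requests with allow_url_include and php://input in the URI and <?php in the request body; it does not reference CVE-2014-4577 or the url parameter of reviews.php.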
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Generic PHP Remote File Include"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"allow_url_include"; http.uri.raw; content:"php|3a 2f 2f|input"; http.request_body; content:"<?php"; fast_pattern; reference:cve,2002-0953; reference:cve,2024-4577; classtype:attempted-user; sid:2019957; rev:6; metadata:affected_product Any, attack_target Server, created_at 2014_12_17, deployment Datacenter, confidence High, signature_severity Major, tag Remote_File_Include, updated_at 2024_06_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Nuclei
WP AmASIN – The Amazon Affiliate Shop - Local File Inclusion
nuclei·CVSS 5.0
CVE-2014-4577 [MEDIUM] WP AmASIN – The Amazon Affiliate Shop - Local File Inclusion
Template:
```yaml
id: CVE-2014-4577
info:
  name: WP AmASIN – The Amazon Affiliate Shop - Local File Inclusion
  author: DhiyaneshDK
  severity: medium
  description: |
    Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter.
  impact: |
    Attackers can read arbitrary files including configuration files, database credentials, and sensitive system files, po
```
No writeups or analysis indexed.
http://codevigilant.com/disclosure/wp-plugin-wp-amasin-the-amazon-affiliate-shop-local-file-inclusion
http://plugins.svn.wordpress.org/wp-amasin-the-amazon-affiliate-shop/trunk/readme.txt