CVE-2014-4940
Published 2014-07-11
Priority P3 (43) · medium · CVSS 2.0 base score 5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 18.73% (96.9th percentile)
Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tera_charts_plugin_project | tera-charts | — | — |
No detection rules found.
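Since this record lists no detection rules, the following Python is an added example (not part of this record, the Exploit-DB entries, or the Nuclei template) of a log-side check for the traversal described above: it scans Apache combined-format access log lines for requests to the two affected scripts whose fn parameter, after repeated percent-decoding, contains a dot-dot segment, an absolute path, or a NUL byte. The log lines are constructed for the demo, and the endpoint paths assume the plugin sits under the default wp-content/plugins/tera-charts directory.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Scripts named in CVE-2014-4940; the prefix assumes the default WordPress plugin directory.
VULNERABLE_ENDPOINTS = (
    "/wp-content/plugins/tera-charts/charts/treemap.php",
    "/wp-content/plugins/tera-charts/charts/zoomabletreemap.php",
)

# Apache combined log format: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded sequences (%252e%252e%252f) are caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(fn: str) -> bool:
    """True when the decoded fn value tries to leave the chart data directory."""
    decoded = fully_decode(fn).replace("\\", "/")  # treat backslashes as separators
    segments = decoded.split("/")
    return ".." in segments or decoded.startswith("/") or "\x00" in decoded


def check_request(target: str):
    """Return (endpoint, decoded_fn) when a request hits a vulnerable script with a traversal fn."""
    parts = urlsplit(target)
    path = fully_decode(parts.path)
    matched = next((ep for ep in VULNERABLE_ENDPOINTS if path.endswith(ep)), None)
    if matched is None:
        return None
    params = parse_qs(parts.query, keep_blank_values=True)  # decodes one layer itself
    for fn in params.get("fn", []):
        if is_traversal(fn):
            return matched, fully_decode(fn)
    return None


def scan_log(lines):
    """Run check_request over raw log lines and collect structured findings."""
    findings = []
    for line in lines:
        m = LOG_LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        hit = check_request(m.group("target"))
        if hit:
            endpoint, fn = hit
            findings.append({
                "ip": m.group("ip"),
                "timestamp": m.group("ts"),
                "endpoint": endpoint,
                "fn": fn,
                "status": int(m.group("status")),
            })
    return findings


# Constructed sample log lines (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [28/May/2014:10:01:02 +0000] "GET /wp-content/plugins/tera-charts/charts/treemap.php?fn=../../../../../etc/passwd HTTP/1.1" 200 1843',
    '203.0.113.5 - - [28/May/2014:10:01:03 +0000] "GET /wp-content/plugins/tera-charts/charts/zoomabletreemap.php?fn=%252e%252e%252f%252e%252e%252fwp-config.php HTTP/1.1" 200 2210',
    '198.51.100.9 - - [28/May/2014:10:02:10 +0000] "GET /wp-content/plugins/tera-charts/charts/treemap.php?fn=data/sales.json HTTP/1.1" 200 512',
    '198.51.100.9 - - [28/May/2014:10:02:11 +0000] "GET /wp-content/uploads/2014/05/report.pdf?fn=../../etc/passwd HTTP/1.1" 404 209',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Only the first two sample lines are reported: the third is a legitimate relative data file, and the fourth carries a traversal string but targets a path the plugin does not serve. Decoding is bounded to three rounds so a hostile value cannot make the scanner loop.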
Exploit-DB
WordPress Plugin Tera Charts (tera-charts) - '/charts/treemap.php?fn' Directory Traversal
exploitdb·2014-05-28
---
source: https://www.securityfocus.com/bid/68662/info
Tera Charts plugin for WordPress is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit these issues to obtain potentially sensitive information; other attacks are also possible.
Tera Charts 0.1 is vulnerable; other versions may also be affected.
http://www.example.com/wordpress_vuln_check/wp-content/plugins/tera-charts/charts/treemap.php?fn=../../../../../etc/passwd
Exploit-DB
WordPress Plugin Tera Charts (tera-charts) - '/charts/zoomabletreemap.php?fn' Directory Traversal
exploitdb·2014-05-28
---
source: https://www.securityfocus.com/bid/68662/info
Tera Charts plugin for WordPress is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit these issues to obtain potentially sensitive information; other attacks are also possible.
Tera Charts 0.1 is vulnerable; other versions may also be affected.
http://www.example.com/wp_test/wp-content/plugins/tera-charts/charts/zoomabletreemap.php?fn=../../../../../etc/passwd
Nuclei
WordPress Plugin Tera Charts - Local File Inclusion
nuclei·CVSS 5.0
Multiple local file inclusion vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.
Template:
id: CVE-2014-4940
info:
  name: WordPress Plugin Tera Charts - Local File Inclusion
  author: daffainfo
  severity: medium
  description: Multiple local file inclusion vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.
  impact: |
    An attacker can exploit this vulnerability to read sensitive files on the server.
  remediation: |
    Upd
References:
http://codevigilant.com/disclosure/wp-plugin-tera-chart-local-file-inclusion/
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=851874%40tera-charts&old=799253%40tera-charts&sfp_email=&sfph_mail=
Published: 2014-07-11