CVE-2014-5181
published 2014-08-06CVE-2014-5181: Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read…
PriorityP337medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
4.26%
89.8th percentile
Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the snode parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| last.fm_rotation_plugin_project | lastfm-rotation_plugin | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Last.fm Rotation 1.0 - Path Traversal
nuclei·CVSS 5.0
CVE-2014-5181 [MEDIUM] Last.fm Rotation 1.0 - Path Traversal
Last.fm Rotation 1.0 - Path Traversal
Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the snode parameter.
Template:
id: CVE-2014-5181
info:
name: Last.fm Rotation 1.0 - Path Traversal
author: DhiyaneshDK
severity: medium
description: |
Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the snode parameter.
impact: |
Remote attackers can read arbitrary files on the server, potentially leading to information disclosure or further exploitation.
remediation: |
Update to the latest version of the plugin or apply
2014-08-06
Published