CVE-2014-5368
Published 2014-08-22
Priority: P3 | 44 | medium | 5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 18.82% (96.9th percentile)
Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wp_content_source_control_project | wp_content_source_control | <= 3.0.0 | — |
No detection rules found.
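One way to look for this request pattern in web server logs, as an added example that is not part of the original entry or of any vendor rule set. It assumes Apache/nginx "combined" access logs; the sample lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter named in the advisory text above.
ENDPOINT = "/wp-source-control/downloadfiles/download.php"
# Assumption: "combined" access log format; adjust the pattern for other formats.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [22/Aug/2014:10:00:01 +0000] "GET /wp-content/plugins/wp-source-control/downloadfiles/download.php?path=../../../../wp-config.php HTTP/1.1" 200 3120 "-" "-"',
    '192.0.2.11 - - [22/Aug/2014:10:00:05 +0000] "GET /wp-content/plugins/wp-source-control/downloadfiles/download.php?path=..%2F..%2Fwp-config.php HTTP/1.1" 404 0 "-" "-"',
    '198.51.100.7 - - [22/Aug/2014:10:01:00 +0000] "GET /wp-content/plugins/wp-source-control/downloadfiles/download.php?path=backup.zip HTTP/1.1" 200 900 "-" "-"',
    '198.51.100.8 - - [22/Aug/2014:10:02:00 +0000] "GET /index.php?path=../x HTTP/1.1" 200 10 "-" "-"',
]

def has_traversal(value, rounds=3):
    """True if value has a '..' path segment, checked again after each URL-decoding pass."""
    for _ in range(rounds):
        if ".." in re.split(r"[\\/]", value):
            return True
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return False

def scan(lines):
    """Return (client_ip, status, path_value) for plugin requests whose path parameter traverses."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        url = urlsplit(m["target"])
        if not unquote(url.path).lower().endswith(ENDPOINT):
            continue  # some other script; out of scope for this CVE
        for value in parse_qs(url.query, keep_blank_values=True).get("path", []):
            if has_traversal(value):
                hits.append((m["ip"], int(m["status"]), value))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A hit with status 200 and a non-trivial response size deserves first attention, since it suggests a file was actually returned.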
Exploit-DB
WordPress Plugin WP Content Source Control - 'download.php' Directory Traversal
exploitdb·2014-08-19
---
source: https://www.securityfocus.com/bid/69278/info
WP Content Source Control plugin for WordPress is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks.
WP Content Source Control 3.0.0 is vulnerable; other versions may also be affected.
www.example.com/wp-content/plugins/wp-source-control/downloadfiles/download.php?path=../../../../wp-config.php
Nuclei
WordPress Plugin WP Content Source Control - Directory Traversal
nuclei·CVSS 5.0
A directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.
Template:
id: CVE-2014-5368
info:
  name: WordPress Plugin WP Content Source Control - Directory Traversal
  author: daffainfo
  severity: medium
  description: A directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.
  impact: |
    An a
References
http://seclists.org/oss-sec/2014/q3/407
http://seclists.org/oss-sec/2014/q3/417
http://www.securityfocus.com/bid/69278
https://exchange.xforce.ibmcloud.com/vulnerabilities/95374