CVE-2015-9406
Published 2019-09-20
Priority: P1 (79) · Severity: high · CVSS 3.1: 7.5
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
Tags: ITW · Exploit · VulnCheck KEV
Exploited in the wild
EPSS: 55.01% (98.9th percentile)
Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mtheme-unus_project | mtheme-unus | < 2.3 | 2.3 |
Detection & IOCs (extracted from sources)
- HTTP GET request to css/css.php with a 'files' parameter containing directory traversal sequences (.. dot dot) targeting wp-config.php
- Response body containing both 'DB_NAME' and 'DB_PASSWORD' strings indicates successful exploitation and wp-config.php disclosure
- FOFA/asset discovery query to identify vulnerable WordPress installations running the mTheme-Unus theme
- Vulnerability is only present in mTheme-Unus versions prior to 2.3; version 2.3 and later are patched
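The request-side and response-side indicators above, as an added example that is not code from the page's sources or from the mTheme-Unus theme: a small Python scanner over constructed access-log lines that flags any request to css/css.php whose `files` parameter, after repeated percent-decoding (so single- and double-encoded `%2e%2e` variants are caught), contains a `..` sequence, plus the response-body check for `DB_NAME` and `DB_PASSWORD`. The log lines, the IP address and the wp-config.php fragment are constructed for illustration; the parameter name, the script path and the two response strings follow the advisory text.

```python
"""Detection logic for CVE-2015-9406-style traversal requests.

Added example, not code from the page's sources or the theme. The log
lines and response bodies below are constructed; the 'files' parameter
name, the css/css.php path and the DB_NAME/DB_PASSWORD indicator follow
the advisory text.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined/common log format: we only need client IP, method, target and status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable so %252e%252e (double-encoded) is unwrapped."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal_request(target: str) -> bool:
    """True if the request targets css/css.php with a 'files' value containing '..'.

    A plain substring check is used on purpose: it also catches filter-bypass
    shapes such as '....//' that a strip-once sanitizer would reduce to '../'.
    """
    parts = urlsplit(target)
    path = decode_fully(parts.path).lower()
    if not path.endswith("css/css.php"):
        return False
    # parse_qs already performs one round of percent-decoding.
    params = parse_qs(parts.query, keep_blank_values=True)
    return any(".." in decode_fully(raw) for raw in params.get("files", []))


def scan_access_log(lines):
    """Return (ip, target, status) for each line that looks like an exploitation attempt."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_traversal_request(m["target"]):
            hits.append((m["ip"], m["target"], int(m["status"])))
    return hits


def looks_like_wp_config_leak(body: str) -> bool:
    """Response-side indicator from the IOC list: both DB_NAME and DB_PASSWORD present."""
    return "DB_NAME" in body and "DB_PASSWORD" in body


# Constructed sample log: three traversal attempts (plain, encoded, double-encoded),
# one benign theme request and one traversal attempt against an unrelated script.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jun/2020:13:01:02 +0000] "GET /wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php HTTP/1.1" 200 3127 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Jun/2020:13:01:03 +0000] "GET /wp-content/themes/mTheme-Unus/css/css.php?files=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200 3127 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Jun/2020:13:01:04 +0000] "GET /wp-content/themes/mTheme-Unus/css/css.php?files=%252e%252e%252fwp-config.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jun/2020:13:02:10 +0000] "GET /wp-content/themes/mTheme-Unus/css/css.php?files=style.css,responsive.css HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jun/2020:13:02:11 +0000] "GET /index.php?files=../../wp-config.php HTTP/1.1" 200 4410 "-" "Mozilla/5.0"',
]

# Constructed response bodies: a leaked wp-config.php fragment and ordinary CSS.
SAMPLE_LEAKED_BODY = "define( 'DB_NAME', 'wordpress' );\ndefine( 'DB_PASSWORD', 'example' );\n"
SAMPLE_CSS_BODY = "body { margin: 0; }\n"


if __name__ == "__main__":
    for ip, target, status in scan_access_log(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {target} -> {status}")
    print("leak indicator:", looks_like_wp_config_leak(SAMPLE_LEAKED_BODY))
```

The status code alone does not settle whether the read succeeded (a 200 with a CSS-sized body is normal theme traffic), so pair the request match with the response-body check where response capture is available.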
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| NVD | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| VulnCheck | | 7.5 | HIGH | |
GHSA
GHSA-6p7x-576h-vxwx (ghsa_unreviewed · 2022-05-24) · CVE-2015-9406 [HIGH] · CWE-22
Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php.
VulnCheck
mtheme-unus_project mtheme-unus: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck · 2015 · CVSS 7.5 · CVE-2015-9406 [HIGH]
Affected: mtheme-unus_project mtheme-unus
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
- https://www.wordfence.com/blog/2020/06/large-scale-attack-campaign-targets-database-credentials/
- https://tracker.crowdsec.net/cves/CVE-2015-9406
No detection rules found.
Nuclei
mTheme Unus < 2.3 - Directory Traversal
nuclei · CVSS 7.5 · CVE-2015-9406 [HIGH]
The mTheme-Unus theme for WordPress, prior to version 2.3, contained a directory traversal flaw that let attackers access arbitrary files. This was possible by exploiting the files parameter in css/css.php with .. sequences.
Template (as listed by the source; the text ends where the source record is cut off):

```yaml
id: CVE-2015-9406

info:
  name: mTheme Unus < 2.3 - Directory Traversal
  author: pussycat0x,dhiyaneshDk
  severity: high
  description: |
    The mTheme-Unus theme for WordPress, prior to version 2.3, contained a directory traversal flaw that let attackers access arbitrary files. This was possible by exploiting the files parameter in css/css.php with .. sequences.
  impact: |
    Attackers can read sensitive files including database credentials and configuration files, potentially leading to full site compromise.
  remediation: Upgrad
```
Metasploit
WordPress Mobile Edition File Read Vulnerability
metasploit
Note that this module, although listed against CVE-2015-9406 here, is described as targeting the "WP Mobile Edition" plugin rather than the mTheme-Unus theme; check the module's own references before relying on it for this CVE.
This module exploits a directory traversal vulnerability in the WordPress plugin "WP Mobile Edition" version 2.2.7, allowing an attacker to read arbitrary files with the web server's privileges.