CVE-2017-1002008
published 2017-09-14CVE-2017-1002008: Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located…
PriorityP269critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
16.93%
96.7th percentile
Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| membership_simplified_project | membership_simplified | — | — |
| william_deangelis | membership-simplified-for-oap-members-only | >= unspecified < 1.58 | 1.58 |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP GET requests to the plugin's download.php endpoint containing 'download_file=' parameter with path traversal sequences (e.g., '..././') — unauthenticated access to this endpoint is the exploit vector. ↗
- →Alert on requests to download.php that return HTTP 200 without any session/authentication cookie, as the plugin performs no login or privilege check. ↗
- →Detect the obfuscated path traversal pattern '..././' (dot-dot-slash with embedded dot) used to bypass naive traversal filters when targeting wp-config.php or /etc/passwd. ↗
- ·The vulnerability only affects version 1.58 of the plugin; sites running a patched or updated version are not affected. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://www.vapidlabs.com/advisory.php?v=187https://wordpress.org/plugins/membership-simplified-for-oap-members-onlyhttps://wpvulndb.com/vulnerabilities/8777https://www.exploit-db.com/exploits/41622/http://www.vapidlabs.com/advisory.php?v=187https://wordpress.org/plugins/membership-simplified-for-oap-members-onlyhttps://wpvulndb.com/vulnerabilities/8777https://www.exploit-db.com/exploits/41622/
2017-09-14
Published