CVE-2018-9118
published 2018-04-12


Priority: P2 (78, high)
CVSS 3.0: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
ITW / Exploit: VulnCheck KEV, exploited in the wild
EPSS: 48.16% (98.7th percentile)
exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a .. in the filename parameter.

Affected

1 range

Vendor    Product                                Version range   Fixed in
99robots  wp_background_takeover_advertisements  < 4.1.5         4.1.5

Detection & IOCs

URL:  /wp-content/plugins/wpsite-background-takeover/exports/download.php?filename=../../../../wp-config.php
Path: /wp-content/plugins/wpsite-background-takeover/exports/download.php
  • Look for GET requests to exports/download.php with a 'filename' parameter containing directory traversal sequences (../) targeting wp-config.php or other sensitive files.
  • Response bodies containing all of 'DB_NAME', 'DB_PASSWORD', 'DB_HOST', and 'The base configurations of the WordPress' indicate successful exploitation and wp-config.php exfiltration.
  • Use Google dork 'inurl:/plugins/wpsite-background-takeover' to identify potentially vulnerable WordPress installations exposed on the internet.
  • The vulnerability affects plugin versions <= 4.1.4 only; version 4.1.5 and above are patched. Ensure version checks are included in detection logic to reduce false positives on patched installations.
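The first two detection bullets above can be turned into a log-scanning check. The following is an added example written for this page, not code from the advisory source or the plugin vendor: it parses web server access-log lines in the common combined format (the log format and all sample lines are constructed), flags GET requests to the plugin's exports/download.php whose filename parameter contains a `..` path segment after percent-decoding (so encoded and double-encoded variants are caught), and offers a helper that tests a captured response body for the four wp-config.php markers the page lists. The plugin slug in the path is taken from the IOC URL shown on the page.

```python
"""Access-log detector for CVE-2018-9118 directory traversal attempts.

Added example, not from the original page. The log format and sample log
lines are constructed; the endpoint path, parameter name and response
markers come from the advisory text above.
"""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint path from the page's IOC URL.
VULN_PATH = "/wp-content/plugins/wpsite-background-takeover/exports/download.php"

# Markers the page lists as evidence that wp-config.php was returned.
WP_CONFIG_MARKERS = ("DB_NAME", "DB_PASSWORD", "DB_HOST",
                     "The base configurations of the WordPress")

# Combined log format (assumed): ip - - [ts] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def fully_decode(value, max_rounds=3):
    """Undo up to max_rounds of percent-encoding so that %2e%2e%2f and
    double-encoded variants normalise to '../'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(filename):
    """True if any path segment of the decoded filename is '..'.
    Backslashes are treated as separators as well."""
    decoded = fully_decode(filename).replace("\\", "/")
    return any(seg == ".." for seg in decoded.split("/"))


def classify_request(target):
    """Return (on_vulnerable_endpoint, traversal_seen, decoded_filename)."""
    parts = urlsplit(target)
    if not parts.path.endswith(VULN_PATH):
        return False, False, None
    # parse_qs already decodes one layer of percent-encoding.
    filenames = parse_qs(parts.query, keep_blank_values=True).get("filename", [])
    for fn in filenames:
        if has_traversal(fn):
            return True, True, fully_decode(fn)
    return True, False, (filenames[0] if filenames else None)


def scan_access_log(lines):
    """Return one dict per request that matches the traversal pattern."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        on_endpoint, traversal, fn = classify_request(m["target"])
        if on_endpoint and traversal:
            hits.append({"ip": m["ip"], "ts": m["ts"], "filename": fn,
                         "status": int(m["status"])})
    return hits


def looks_like_wp_config(body):
    """True when all four markers from the advisory appear in a response body,
    which the page treats as evidence of successful exfiltration."""
    return all(marker in body for marker in WP_CONFIG_MARKERS)


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Apr/2018:10:01:02 +0000] "GET /wp-content/plugins/wpsite-background-takeover/exports/download.php?filename=report.csv HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Apr/2018:10:01:07 +0000] "GET /wp-content/plugins/wpsite-background-takeover/exports/download.php?filename=../../../../wp-config.php HTTP/1.1" 200 2981',
    '198.51.100.7 - - [12/Apr/2018:10:02:11 +0000] "GET /wp-content/plugins/wpsite-background-takeover/exports/download.php?filename=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200 2981',
    '198.51.100.8 - - [12/Apr/2018:10:03:00 +0000] "GET /index.php?p=../../etc/passwd HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

A 200 status on a flagged request is the case to escalate; pair it with the plugin version check from the last bullet before treating it as a confirmed compromise, since a patched 4.1.5 install returns the same request shape without serving the file.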

CVSS provenance

Source     Version  Score  Severity  Vector
nvd        v3.0     7.5    HIGH      CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd        v2.0     5.0    MEDIUM    AV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck  -        7.5    HIGH      -