|
Message-ID: <20140730133846.GB9168@kludge.henri.nerv.fi>
Date: Wed, 30 Jul 2014 16:38:46 +0300
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: CVE request: WordPress plugin wppageflip index.php
pageflipbook_language parameter traversal local file inclusion
Can I get 2012 CVE for following vulnerability in A Page Flip Book plugin for
WordPress (wppageflip), thanks.
Description:
A Page Flip Book Plugin for WordPress contains a flaw that may allow a remote
attacker to execute arbitrary commands or code. This issue is triggered when
input passed to the wp-content/plugins/wppageflip/pageflipbook.php script from
index.php is not properly sanitizing user input, specifically directory
traversal style attacks (e.g., ../../) supplied to the 'pageflipbook_language'
parameter. This may allow an attacker to include a file from the targeted host
that contains arbitrary commands or code that will be executed by the vulnerable
script. Such attacks are limited due to the script only calling files already on
the target host. In addition, this flaw can potentially be used to disclose the
contents of any file on the system accessible by the web server.
Plugin page: http://wordpress.org/plugins/wppageflip/
Discussion:
http://wordpress.org/support/topic/pageflipbook-pageflipbook_language-parameter-local-file-inclusion
Related:
http://ceriksen.com/2012/07/10/wordpress-a-page-flip-book-plugin-local-file-inclusion-vulnerability/
http://secunia.com/advisories/49505/
I was unable to reproduce this vulnerability in version 3.0 of this plugin so
fixed in the latest version at least. Other versions not tested.
---
Henri Salo
Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.