WordPress Plugin WP Publication Archive 2.0.1 – ‘file’ Information Disclosure

Exploit Database
17 阅读

作者： AutoSec Tools

日期： 2011-01-23
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/35263/

source: https://www.securityfocus.com/bid/46000/info

The WP Publication Archive Plugin for WordPress is prone to an information-disclosure vulnerability because it fails to sufficiently validate user-supplied data.

An attacker can exploit this issue to download arbitrary files from the affected application. This may allow the attacker to obtain sensitive information; other attacks are also possible.

WP Publication Archive 2.0.1 is vulnerable; other versions may also be affected. 

http://www.example.com/wordpress/wp-content/plugins/wp-publication-archive/includes/openfile.php?file=../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../windows/win.ini

last Exploits
WordPress Plugin WP Publication Archive 2.0.1 – ‘file’ Information Disclosure的更多信息

WordPress Plugin Photo Album Plus 4.1.1 – SQL Injection：
Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Encryption Keys Disclosure：
Joomla! Component com_jmsfileseller – Local File Inclusion：
SyndeoCMS 2.8.02 – Multiple Vulnerabilities (2)：
ESC 8832 Data Controller – Multiple Vulnerabilities：
Matterdaddy Market – Multiple Vulnerabilities：
WordPress Plugin FB Gorilla – ‘game_play.php’ SQL Injection：
Parnian Opendata CMS – SQL Injection：