Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 30 Jul 2014 16:38:46 +0300
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: CVE request: WordPress plugin wppageflip index.php
 pageflipbook_language parameter traversal local file inclusion

Can I get 2012 CVE for following vulnerability in A Page Flip Book plugin for
WordPress (wppageflip), thanks.

Description:

A Page Flip Book Plugin for WordPress contains a flaw that may allow a remote
attacker to execute arbitrary commands or code. This issue is triggered when
input passed to the wp-content/plugins/wppageflip/pageflipbook.php script from
index.php is not properly sanitizing user input, specifically directory
traversal style attacks (e.g., ../../) supplied to the 'pageflipbook_language'
parameter. This may allow an attacker to include a file from the targeted host
that contains arbitrary commands or code that will be executed by the vulnerable
script. Such attacks are limited due to the script only calling files already on
the target host. In addition, this flaw can potentially be used to disclose the
contents of any file on the system accessible by the web server.

Plugin page: http://wordpress.org/plugins/wppageflip/
Discussion:
http://wordpress.org/support/topic/pageflipbook-pageflipbook_language-parameter-local-file-inclusion
Related:
http://ceriksen.com/2012/07/10/wordpress-a-page-flip-book-plugin-local-file-inclusion-vulnerability/
http://secunia.com/advisories/49505/

I was unable to reproduce this vulnerability in version 3.0 of this plugin so
fixed in the latest version at least. Other versions not tested.

---
Henri Salo

Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ