Date: Thu, 31 Jul 2014 11:45:09 -0400 (EDT)
From: cve-assign@...re.org
To: henri@...v.fi
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: WordPress plugin wppageflip index.php pageflipbook_language parameter traversal local file inclusion

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Can I get a 2012 CVE for the following vulnerability in the A Page Flip Book plugin for
> WordPress (wppageflip)?
> 
> http://wordpress.org/support/topic/pageflipbook-pageflipbook_language-parameter-local-file-inclusion
> http://ceriksen.com/2012/07/10/wordpress-a-page-flip-book-plugin-local-file-inclusion-vulnerability/
> 
> input passed to the wp-content/plugins/wppageflip/pageflipbook.php script from
> index.php is not properly sanitizing user input, specifically directory
> traversal style attacks (e.g., ../../) supplied to the 'pageflipbook_language'
> parameter

The wording seems a bit garbled ("is not properly sanitizing user input" should
probably be "is not properly sanitized") but it's fairly obvious what is meant.

Use CVE-2012-6652.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJT2mO5AAoJEKllVAevmvmsGCwH/iYX5kdurISZLd3nYpBiGhHG
ITPJbO7rTWqm7VcalPBUKSYkdzZcav5flA/zxm79A/v4uC+rgr7+tPbCjCQaVcHF
4RwOt/T9EClb5sDSBh3d308byiTavEqO1iIONsirQriJLzOvXZJsIAzdVv2EGnFD
eEUNueyu6izaFTW4uYIkfwSZCoJw9Kbkdb0Jo8e16KJdFHtzkolEwQdSk/9Jzk51
yVrQrAOmVHizdeuR471/Zm8g1GXsIYGf96HfM5J5s7vEdk1rEwPHICMH/EU9Hpjg
LjleUoNYyVv+Lz0sDZNZjwvG6sPGeX8J98PHLSrFf2SFrPCf+V5CthjVQslMROA=
=EuG/
-----END PGP SIGNATURE-----
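The report above describes a language-selector parameter being used directly to build a file path, so that directory traversal sequences reach the include. The following PHP is an added illustration, not code from the wppageflip plugin or from the reporter: it contrasts the unsafe pattern with a hardened one that accepts only a known set of language codes and confirms the resolved path stays inside the intended directory. The `languages/` layout, the `PFB_LANG_DIR` constant, the `pfb_language_path_*` function names and the allowed-code list are all assumptions made for the example; only the `pageflipbook_language` parameter name comes from the report.

```php
<?php
// Added example (not the plugin's own code). Assumption: one translation
// file per language code lives under a languages/ directory next to this script.
define('PFB_LANG_DIR', __DIR__ . '/languages');

// Unsafe pattern, shown only for contrast and never called with user input:
// the raw parameter is concatenated into the path, so "../" sequences in it
// walk out of PFB_LANG_DIR and any readable .php file can be included.
function pfb_language_path_unsafe(string $lang): string
{
    return PFB_LANG_DIR . '/' . $lang . '.php';
}

// Hardened pattern: (1) allowlist the language code so traversal characters
// are never accepted at all, (2) resolve the path and verify it is still
// under the language directory, as defence in depth against future edits.
function pfb_language_path_safe(string $lang): ?string
{
    // Assumed list; in a real plugin derive it from the files actually shipped.
    $allowed = ['en', 'fi', 'de'];
    if (!in_array($lang, $allowed, true)) {
        return null;
    }

    $base = realpath(PFB_LANG_DIR);
    $path = realpath(PFB_LANG_DIR . '/' . $lang . '.php');
    if ($base === false || $path === false) {
        return null;   // directory or translation file missing
    }

    // Containment check: the resolved file must begin with "<base>/".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Request handling: unknown or malformed values fall back to the default
// language instead of being reported back or passed through.
$requested = isset($_GET['pageflipbook_language'])
    ? (string) $_GET['pageflipbook_language']
    : 'en';

$file = pfb_language_path_safe($requested) ?? pfb_language_path_safe('en');
if ($file !== null) {
    include $file;
}
```

The allowlist alone closes the traversal described in the report, because a value containing `../` can never equal one of the permitted codes; the `realpath` containment check is kept so that a later change to how the path is built (for example, accepting codes from a database) cannot silently reintroduce the problem.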