Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 10 Jul 2015 16:28:17 -0400 (EDT)
From: cve-assign@...re.org
To: larry0@...com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Title: Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5
> Download Site: https://wordpress.org/plugins/wp-ecommerce-shop-styling
> Vendor: https://profiles.wordpress.org/haet/
> Vendor Notified: 2015-07-05, fixed in version 2.6.
> Vendor Contact: http://wpshopstyling.com
> 
> readfile(HAET_INVOICE_PATH.$_GET['filename']);
> 
> /wp-content/plugins/wp-ecommerce-shop-styling/includes/download.php?filename=../../../../../../../../../etc/passwd

> https://wordpress.org/plugins/wp-ecommerce-shop-styling/changelog/
> 2.6: fixed security bug

> https://plugins.trac.wordpress.org/changeset/1193456

Code added in 2.6:

   if( strpos($_GET['filename'], '/') !== FALSE )
       die();
   if( strrpos( strtolower($_GET['filename']), '.pdf') !== strlen($_GET['filename'])-4 )
       die();

Use CVE-2015-5468.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVoCmfAAoJEKllVAevmvmsBY0H/2Mn/yxrMrQxOZe58AssL+SJ
TCeDkR+HtXqXMTi2xrWVUkyJI9db6bMu8RbbHOUz6YOM/CjmLVNrpIpgGro6xvIP
+KW7rynEPnEgg4q+uRfo9C762FiVcWJqlbs4NtfCRCumOi3ZgG2ZIOMeu5ihmjyr
iYkiaS4Rc2Yy6KtUb28iipzLtqDz6FduRbuMvlqb2c53cypQBLPCSrHpE9O5l7Nr
f1jPvxWIiPZzOLu6RrAz6nabuoYFsWLmPfcV+6UKfCFMiSEbAs0b9rUT1pea7Z5P
1xXe70Rh8OYomFG1EuamnD6jJcgQzgTaoSKYXCRh9dteDGnWSsChd624Vo/GuLw=
=g0mR
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ