Date: Fri, 10 Jul 2015 16:32:38 -0400 (EDT)
From: cve-assign@...re.org
To: larry0@...com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Remote file download vulnerability in ibs-Mappro v0.6 Wordpress plugin

> Title: Remote file download vulnerability in ibs-Mappro v0.6 Wordpress plugin
> Download Site: https://wordpress.org/plugins/ibs-mappro/
> Vendor: Hmoore71
> Vendor Notified: 2015-07-08, resolved in v1.0.
> Advisory: http://www.vapid.dhs.org/advisory.php?v=137

> $filename = $_GET['file'];
> readfile($filename);

> https://wordpress.org/plugins/ibs-mappro/changelog/
> 07-08/2015 Version 1.0 Fix download exposure.

> https://plugins.trac.wordpress.org/changeset/1195039

Use CVE-2015-5472.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
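
The snippet quoted above passes a request parameter straight to readfile(). As an added example (not part of the original message, and not the plugin's own v1.0 fix), here is one hardened form of such a download handler. DOWNLOAD_ROOT, resolve_download() and the downloads directory are hypothetical names chosen for illustration.

```php
<?php
// Added example. DOWNLOAD_ROOT and resolve_download() are hypothetical names,
// not taken from the ibs-Mappro plugin.

// Pattern quoted in the advisory: the caller chooses which file is returned.
//   $filename = $_GET['file'];
//   readfile($filename);

const DOWNLOAD_ROOT = __DIR__ . '/downloads';   // assumed export directory

/**
 * Map a requested name to a regular file inside $root.
 * Returns the canonical path, or null if the request must be refused.
 */
function resolve_download(string $requested, string $root = DOWNLOAD_ROOT): ?string
{
    // Refuse empty names, NUL bytes and stream-wrapper/URL syntax (php://, http://).
    if ($requested === '' || strpos($requested, "\0") !== false
        || preg_match('#^[a-z][a-z0-9+.\-]*://#i', $requested)) {
        return null;
    }
    $base = realpath($root);
    // basename() drops directory components; realpath() then resolves symlinks.
    $path = $base === false
        ? false
        : realpath($base . DIRECTORY_SEPARATOR . basename($requested));
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Containment check on the canonical path. The trailing separator keeps
    // a sibling such as "/downloads-old" from matching "/downloads".
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Handler: runs only for a web request that carries a string "file" parameter.
if (PHP_SAPI !== 'cli' && isset($_GET['file']) && is_string($_GET['file'])) {
    $path = resolve_download($_GET['file']);
    if ($path === null) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="'
        . addcslashes(basename($path), '"\\') . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}
```

Path containment only limits which files can be served; it does not decide who may request them, so the endpoint still needs its own authorization check.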
