Date: Wed, 30 Jul 2014 16:38:46 +0300 From: Henri Salo <henri@...v.fi> To: oss-security@...ts.openwall.com Subject: CVE request: WordPress plugin wppageflip index.php pageflipbook_language parameter traversal local file inclusion Can I get 2012 CVE for following vulnerability in A Page Flip Book plugin for WordPress (wppageflip), thanks. Description: A Page Flip Book Plugin for WordPress contains a flaw that may allow a remote attacker to execute arbitrary commands or code. This issue is triggered when input passed to the wp-content/plugins/wppageflip/pageflipbook.php script from index.php is not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'pageflipbook_language' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. Plugin page: http://wordpress.org/plugins/wppageflip/ Discussion: http://wordpress.org/support/topic/pageflipbook-pageflipbook_language-parameter-local-file-inclusion Related: http://ceriksen.com/2012/07/10/wordpress-a-page-flip-book-plugin-local-file-inclusion-vulnerability/ http://secunia.com/advisories/49505/ I was unable to reproduce this vulnerability in version 3.0 of this plugin so fixed in the latest version at least. Other versions not tested. --- Henri Salo Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.