CVE-2014-5465

2014-09-0319:55:03

CWE-22

[email protected]

web.nvd.nist.gov

cve

2014

5465

directory traversal

force-download.php

download shortcode plugin

wordpress

remote attackers

arbitrary files

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.075 Low

EPSS

Percentile

94.1%

JSON

Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a … (dot dot) in the file parameter.

Affected configurations

NVD

Node

werdswordsdownload_shortcodeRange≤0.2.3wordpress

werdswordsdownload_shortcodeMatch0.1wordpress

werdswordsdownload_shortcodeMatch0.2wordpress

werdswordsdownload_shortcodeMatch0.2.2wordpress

CPENameOperatorVersion
werdswords:download_shortcodewerdswords download shortcodele0.2.3
werdswords:download_shortcodewerdswords download shortcodeeq0.1
werdswords:download_shortcodewerdswords download shortcodeeq0.2
werdswords:download_shortcodewerdswords download shortcodeeq0.2.2

CPE	Name	Operator	Version
werdswords:download_shortcode	werdswords download shortcode	le	0.2.3
werdswords:download_shortcode	werdswords download shortcode	eq	0.1
werdswords:download_shortcode	werdswords download shortcode	eq	0.2
werdswords:download_shortcode	werdswords download shortcode	eq	0.2.2