Lucene search

[email protected]CVE-2015-4153

HistoryJun 10, 2015 - 6:59 p.m.

CVE-2015-4153

2015-06-1018:59:00

CWE-22

[email protected]

web.nvd.nist.gov

security

vulnerability

zm ajax

wordpress

cve-2015-4153

nvd

9.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.083 Low

EPSS

Percentile

94.3%

JSON

Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the template parameter in a load_template action to wp-admin/admin-ajax.php.

CPENameOperatorVersion
zanematthew:zm_ajax_login_\&_registerzanematthew zm ajax login \& registerle1.0.9

CPE	Name	Operator	Version
zanematthew:zm_ajax_login_\&_register	zanematthew zm ajax login \& register	le	1.0.9

References

packetstormsecurity.com/files/132172/WordPress-zM-Ajax-Login-Register-1.0.9-Local-File-Inclusion.html

www.securityfocus.com/archive/1/535682/100/0/threaded

www.securityfocus.com/bid/75041

security.gentoo.org/glsa/201512-10

wordpress.org/plugins/zm-ajax-login-register/changelog/

www.exploit-db.com/exploits/37200/

9.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.083 Low

EPSS

Percentile

94.3%

JSON

Related for CVE-2015-4153

patchstack1 zdt1 prion1 packetstorm1 exploitpack1 securityvulns2 wpvulndb1 exploitdb1 nessus1 openvas1 gentoo1