Lucene search

[email protected]CVE-2015-7669

HistoryDec 27, 2017 - 7:29 p.m.

CVE-2015-7669

2017-12-2719:29:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2015-7669

directory traversal

easy2map plugin

wordpress

remote attack

arbitrary file execution

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.4%

JSON

Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to “upload file functionality.”

CPENameOperatorVersion
easy2map:easy2mapeasy2maplt1.3.0

CPE	Name	Operator	Version
easy2map:easy2map	easy2map	lt	1.3.0

References

www.securityfocus.com/archive/1/536597/100/0/threaded

wordpress.org/plugins/easy2map/#developers

wpvulndb.com/vulnerabilities/8206

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.4%

JSON

Related for CVE-2015-7669

prion1 securityvulns2 wpvulndb1 packetstorm1 zdt1