Lucene search
+L

CVE-2016-10955

🗓️ 13 Sep 2019 12:17:30Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 145 Views🌐 WEB

The cysteme-finder plugin for WordPress allows unrestricted file upload

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
Circl
CVE-2016-10955
13 Sep 201916:28
circl
CNVD
WordPress cysteme-finder plugin code issue vulnerability
17 Sep 201900:00
cnvd
Cvelist
CVE-2016-10955
13 Sep 201912:17
cvelist
EUVD
EUVD-2016-1946
7 Oct 202500:30
euvd
NVD
CVE-2016-10955
13 Sep 201913:15
nvd
OSV
CVE-2016-10955
13 Sep 201913:15
osv
Prion
Unrestricted file upload
13 Sep 201913:15
prion
RedhatCVE
CVE-2016-10955
9 Jan 202611:14
redhatcve
wpexploit
CYSTEME Finder <= 1.3 - Unauthenticated LFI and Unauthenticated File Upload
24 Aug 201600:00
wpexploit
WPVulnDB
CYSTEME Finder <= 1.3 - Unauthenticated LFI and Unauthenticated File Upload
24 Aug 201600:00
wpvulndb
Rows per page
NVD
Node
cystemecysteme-finderRange<1.4wordpress
ParameterPositionPathDescriptionCWE
wphomequery param/wp-content/plugins/cysteme-finder/php/connector.php?wphome=/var/www/wordpress&cmd=open&init=1&tree=1Unrestricted directory listing via arbitrary wphome value returning root directory dataCWE-434
cmdquery param/wp-content/plugins/cysteme-finder/php/connector.php?wphome=/var/www/wordpress&cmd=open&init=1&tree=1Unrestricted directory listing via arbitrary wphome value returning root directory dataCWE-434
initquery param/wp-content/plugins/cysteme-finder/php/connector.php?wphome=/var/www/wordpress&cmd=open&init=1&tree=1Unrestricted directory listing via arbitrary wphome value returning root directory dataCWE-434
treequery param/wp-content/plugins/cysteme-finder/php/connector.php?wphome=/var/www/wordpress&cmd=open&init=1&tree=1Unrestricted directory listing via arbitrary wphome value returning root directory dataCWE-434
wphomequery param/wp-content/plugins/cysteme-finder/php/connector.php?wphome=/etc&cmd=file&target=l1_cGFzc3dk&download=1File retrieval for arbitrary directory via wphome and download flagCWE-434
cmdquery param/wp-content/plugins/cysteme-finder/php/connector.php?wphome=/etc&cmd=file&target=l1_cGFzc3dk&download=1File retrieval for arbitrary directory via wphome and download flagCWE-434
targetquery param/wp-content/plugins/cysteme-finder/php/connector.php?wphome=/etc&cmd=file&target=l1_cGFzc3dk&download=1File retrieval for arbitrary directory via wphome and download flagCWE-434
downloadquery param/wp-content/plugins/cysteme-finder/php/connector.php?wphome=/etc&cmd=file&target=l1_cGFzc3dk&download=1File retrieval for arbitrary directory via wphome and download flagCWE-434
cmdrequest body/wordpress/wp-content/plugins/cysteme-finder/php/connector.php?wphome=/var/www/wordpress/&wpurl=http://example.comFile upload via multipart/form-data to upload payload (PHP upload of arbitrary file)CWE-434
targetrequest body/wordpress/wp-content/plugins/cysteme-finder/php/connector.php?wphome=/var/www/wordpress/&wpurl=http://example.comFile upload via multipart/form-data to upload payload (PHP upload of arbitrary file)CWE-434
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 00:40Current
9.5High risk
Vulners AI Score9.5
CVSS 27.5
CVSS 3.19.8
EPSS0.02433
145