2 matches found
CVE-2014-8585
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the fname parameter to 1 views/filedownload.php or 2 filedownload.php...
CVE-2014-8585
CVE-2014-8585 affects the WordPress Download Manager plugin. A directory traversal flaw in fname (via views/file_download.php or file_download.php) allows remote attackers to read arbitrary files. Root cause is improper validation of the fname parameter, enabling access to unintended filesystem p...