7 matches found
Wordpress simple-image-manipulator plugin remote file download vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language. simple-image-manipulator is one of the image manipulator plugin. A remote file download vulnerability exists in Wordpress simple-image-manipulator plugin v1.0, which can be exploited by...
Remote file inclusion
Remote file download in simple-image-manipulator v1.0 wordpress plugin...
CVE-2015-1000010
Remote file download in simple-image-manipulator v1.0 wordpress plugin...
WordPress Simple Image Manipulator Plugin 1.0 - Arbitrary File Download
Simple Image Manipulator plugin is prone to an arbitrary file download vulnerability. It allows an attacker to download arbitrary files from the web server and get potentially sensitive information. Solution Upgrade the plugin...
WordPress Simple Image Manipulator 1.0 File Download Vulnerability
WordPress Simple Image Manipulator plugin version 1.0 suffers from an arbitrary remote file download vulnerability. Title: Remote file download in simple-image-manipulator v1.0 wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-07-16 Download Site:...
WordPress Simple Image Manipulator 1.0 File Download
Title: Remote file download in simple-image-manipulator v1.0 wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-07-16 Download Site: https://wordpress.org/plugins/simple-image-manipulator Vendor: https://profiles.wordpress.org/kevartpatel/ Vendor Notified: 2015-07-16 Vendor Contact:...
simple-image-manipulator <= 1.0 - Remote File Download
Plugin is still affected and has been closed. In ./simple-image-manipulator/controller/download.php no checks are made to authenticate the user or sanitize input when determining file location. $ curl...