2 matches found
WP Online Store Plugin for WordPress Multiple Parameter File Disclosure
The WP Online Store Plugin for WordPress installed on the remote host is affected by an information disclosure vulnerability due to a failure to properly sanitize user-supplied input to the 'turl' and 'file' parameters. An unauthenticated, remote attacker can exploit this to view arbitrary files ...
eLouai's Force Download Script file Parameter File Disclosure
The version of eLouai's Force Download Script hosted on the remote web server does not sanitize user-supplied input to the 'file' parameter before using it to return the contents of a file. An unauthenticated, remote attacker can exploit this issue to disclose the contents of sensitive files on t...