Lucene search
MitreVULNRICHMENT:CVE-2017-17058HistoryNov 29, 2017 - 7:00 a.m.
CVE-2017-17058
2017-11-2907:00:00
mitre
github.com
3
AI Score
7.4
Confidence
Low
EPSS
0.005
Percentile
76.5%
SSVC
Exploitation
poc
Automatable
yes
Technical Impact
partial
The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have “if (!defined(‘ABSPATH’)) {exit;}” code
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:automattic:woocommerce:*:*:*:*:*:wordpress:*:*"
],
"vendor": "automattic",
"product": "woocommerce",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "3.2.6"
}
],
"defaultStatus": "unknown"
}
]Related
cvelist
cvelist
CVE-2017-17058
2017-11-29 07:00:00
exploitdb
exploitdb
WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal
2017-11-28 00:00:00
seebug
seebug
WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal(CVE-2017-17058)
2017-12-01 00:00:00
prion
prion
Directory traversal
2017-11-29 07:29:00
zdt
zdt
WordPress WooCommerce 2.0/3.0 Plugin - Directory Traversal Vulnerability
2017-12-01 00:00:00
cve
cve
CVE-2017-17058
2017-11-29 07:29:00
packetstorm
packetstorm
WordPress WooCommerce 2.0 / 3.0 Directory Traversal
2017-11-30 00:00:00
nvd
nvd
CVE-2017-17058
2017-11-29 07:29:00
AI Score
7.4
Confidence
Low
EPSS
0.005
Percentile
76.5%
SSVC
Exploitation
poc
Automatable
yes
Technical Impact
partial
Related for VULNRICHMENT:CVE-2017-17058