Lucene search
Robert WigginsWPEX-ID:37266611-1923-4FA8-8D9D-9439593051E8HistoryOct 20, 2017 - 12:00 a.m.
Multiple Plugins - jQueryFileTree - Unauthenticated Path Traversal
2017-10-2000:00:00
Robert Wiggins
5
Since no authentication or authorisation checks for direct access to the jqueryFileTree.php are made, the vulnerability allows for browsing the file system on a host out of an unauthenticated context. Even though no file content can be exfiltrated this way, “hidden” files e.g. in the web directories could easily enumerated this way. E.g. this could be abused for a “file path/name leakage” in another exploitation chain.
curl 'https://example.com/wp-content/plugins/wp-lister-amazon/js/jqueryFileTree/connectors/jqueryFileTree.php' -d "dir=../../"
Related
wpexploit
wpexploit
Delightful Downloads <= 1.6.6 - Unauthenticated Path Traversal
2017-05-11 00:00:00
Folders Disclosure via Outdated jQueryFileTree Library
2022-03-01 00:00:00
nuclei
nuclei
WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion
2021-03-23 12:56:42
checkpoint_advisories
checkpoint_advisories
jQuery File Tree Directory Traversal (CVE-2017-1000170)
2021-04-05 00:00:00
wpvulndb
wpvulndb
Delightful Downloads <= 1.6.6 - Unauthenticated Path Traversal
2017-05-11 00:00:00
Multiple Plugins - jQueryFileTree - Unauthenticated Path Traversal
2017-10-20 00:00:00
Folders Disclosure via Outdated jQueryFileTree Library
2022-03-01 00:00:00
patchstack
patchstack
osv
osv
CVE-2017-1000170
2017-11-17 18:29:00
jqueryFileTree vulnerable to Directory Traversal
2022-05-13 01:11:22
veracode
veracode
Directory Traversal
2018-11-16 09:38:26
prion
prion
Directory traversal
2017-11-17 18:29:00
cve
cve
CVE-2017-1000170
2017-11-17 18:29:00
github
github
jqueryFileTree vulnerable to Directory Traversal
2022-05-13 01:11:22
packetstorm
packetstorm
WordPress Delightful Downloads Jquery File Tree 1.6.6 Path Traversal
2021-03-22 00:00:00
exploitdb
exploitdb
zdt
zdt
Related for WPEX-ID:37266611-1923-4FA8-8D9D-9439593051E8