Lucene search
Iberia Medeiros1337DAY-ID-24367HistoryOct 06, 2015 - 12:00 a.m.
WordPress Easy2Map 1.2.9 Vulnerabilities
2015-10-0600:00:00
Iberia Medeiros
0day.today
21
0.005 Low
EPSS
Percentile
74.8%
Exploit for php platform in category web applications
Vulnerability title: Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin
CVE: CVE-2015-7669
Vendor: Steven Ellis
Product: Easy2Map
Affected version: 1.2.9
Fixed version: 1.3.0
Reported by: IbΓ©ria Medeiros
Vulnerability Details:
=====================
It was discovered that no protection against two Path/Directory Traversal (PT/DT) and/or Local File Inclusion (LFI) attacks was implemented, resulting in an attacker being able to access to files from website directory and/or file system directory (PT/DT); and/or access to files that were previously stored in computer victim, by a upload file functionality, then execute them in computer victim.
The Easy2Map version 1.2.9 WordPress plugin is vulnerable to 2 PT/DT and/or LFI vulnerabilities.
The includes/MapImportCSV2.php and includes/MapImportCSV.php files are vulnerable to Path or Directory Traversal (PT/DT) and/or Local File Inclusion (LFI) attacks via $_FILES["csvfile"]['tmp_name'] parameter.
It was discovered that no protection against a reflected XSS attacks was implemented, resulting in an attacker being able to retrive user data from end user, such as session cookies.
The Easy2Map version 1.2.9 WordPress plugin is vulnerable to 1 reflected XSS vulnerability.
The includes/MapPinImageSave.php file is vulnerable to Cross-site.scripting (XSS) attacks via $_GET["map_id"] parameter.
System affected:
===============
Any system that access to a web site developed by WordPress CMS version 4.3.1 or earlier and uses the Easy2Map version 1.2.9 or earlier.
Advisory:
========
https://wordpress.org/plugins/easy2map/changelog/
item: "Increased data sanitization logic, for improved plugin security."
Solution:
========
Update to Easy2Map version 1.3.0 plugin.
https://wordpress.org/plugins/easy2map/
Disclosure Timeline:
===================
Vendor notification: September 22, 2015
Vendor fixed vulnerability: October 4, 2015
Public advisory: October 4, 2015
Public disclosure: October 4, 2015
# 0day.today [2018-04-11] #Related
prion
prion
Directory traversal
2017-12-27 19:29:00
Cross site scripting
2017-12-27 19:29:00
securityvulns
securityvulns
cve
cve
CVE-2015-7669
2017-12-27 19:29:00
CVE-2015-7668
2017-12-27 19:29:00
wpvulndb
wpvulndb
Easy2Map <= 1.2.9 - Local File Inclusion
2015-10-05 00:00:00
Easy2Map <= 1.2.9 - Reflected Cross-Site Scripting (XSS)
2015-10-05 00:00:00
packetstorm
packetstorm
WordPress Easy2Map 1.2.9 Local File Inclusion / Directory Traversal
2015-10-06 00:00:00
WordPress Easy2Map 1.2.9 Cross Site Scripting
2015-10-06 00:00:00