Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1669

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2011-1669
Last Modified 13 Oct 2011 10:52:16
Published 09 Apr 2011 10:51:20
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1669

Summary

Directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.

Vulnerable Systems

Application

  • Mikoviny Wp Custom Pages 0.5.0.1


References

BID - 47146

XF - wpcustompages-wp-dir-traversal(66559)

EXPLOIT-DB - 17119

MISC - http://www.autosectools.com/Advisories/WordPress.WP.Custom.Pages.0.5.0.1_Local.File.Inclusion_169.html

SECUNIA - 43963

OSVDB - 71707


Last Updated: 27 May 2016 10:56:24