Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3588

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-3588
Last Modified 24 Aug 2012 12:00:00
Published 19 Jun 2012 04:55:08
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3588

Summary

Directory traversal vulnerability in preview.php in the Plugin Newsletter plugin 1.5 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the data parameter.

Vulnerable Systems

Application

  • Wordpress Plugin Newsletter Plugin 1.5


References

XF - newsletter-preview-file-disclosure(76171)

MISC - http://www.opensyscom.fr/Actualites/wordpress-plugins-plugin-newsletter-remote-file-disclosure-vulnerability.html

EXPLOIT-DB - 19018

SECUNIA - 49464


Last Updated: 27 May 2016 10:56:32