WordPress Zingiri Web Shop Plugin "abspath" Remote File Inclusion Vulnerability

ID: IRCAD2012072037
Release Date: 2012-07-02
Criticality level: Highly critical
 
Software:
WordPress Zingiri Web Shop Plugin 2.x
 
Description:
Charlie Eriksen has discovered a vulnerability in the Zingiri Web Shop plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
Input passed via the "abspath" parameter to wp-content/plugins/zingiri-web-shop/fws/download.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.
The vulnerability is confirmed in version 2.4.6. Other versions may also be affected.
 
Solution:
Update to version 2.4.7.
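
Sites that ran an affected version can check the web server access log for requests that set "abspath" on the script named in the description. The Python below is an added example, not part of the original advisory or of the plugin; it assumes the Apache/nginx "combined" log format, and the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script path and parameter name come from the advisory text.
VULN_PATH = "/wp-content/plugins/zingiri-web-shop/fws/download.php"
PARAM = "abspath"
# Assumption: access log in Apache/nginx "combined" format.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# A "scheme:" prefix, //host or \\host points away from the local file system.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]+:|//|\\\\)', re.I)

# Constructed sample lines (documentation addresses, placeholder host).
SAMPLE = [
    '203.0.113.7 - - [02/Jul/2012:10:00:01 +0000] "GET /wp-content/plugins/zingiri-web-shop/fws/download.php?abspath=http%3A%2F%2Fhost.invalid%2F HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [02/Jul/2012:10:00:05 +0000] "GET /blog/wp-content/plugins/zingiri-web-shop/fws/download.php?abspath=..%2F..%2F HTTP/1.1" 200 90 "-" "-"',
    '192.0.2.10 - - [02/Jul/2012:10:00:09 +0000] "GET /index.php?abspath=1 HTTP/1.1" 200 1024 "-" "-"',
]


def classify(value):
    """Label an abspath value that has been percent-decoded once, as PHP sees it."""
    if REMOTE_RE.match(value):
        return "remote-resource"
    if ".." in value or value.startswith(("/", "\\")):
        return "local-path"
    return "param-present"


def scan(lines):
    """Return (client_ip, label, value) for each request setting abspath on the script."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        # endswith() also matches WordPress installed in a subdirectory.
        if not unquote(url.path).lower().endswith(VULN_PATH):
            continue
        # Only the query string is logged; request bodies are not covered.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            hits.append((m.group("ip"), classify(value), value))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit)
```

Any hit dated before the update to 2.4.7 is worth reviewing together with the files and processes on that host.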
 
References:
Zingiri Web Shop:
 
Secunia:
http://secunia.com/advisories/49676/

Date created: 13 Tir 1391
