WordPress Thinkun Remind Plugin "dirPath" Remote File Inclusion Vulnerability

ID: IRCAD2012061978
Release Date: 2012-06-12
Criticality level: Highly critical
 
Software:
WordPress Thinkun Remind Plugin 1.x
 
Description:
Sammy Forgit has discovered a vulnerability in the Thinkun Remind plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "dirPath" parameter in wp-content/plugins/thinkun-remind/exportData.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from remote resources.
The vulnerability is confirmed in version 1.1.3. Other versions may also be affected.
 
Solution:
Edit the source code to ensure that input is properly verified.
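
One way to verify a request-supplied directory before it reaches an include, as an added example; it is not the plugin's code, which this advisory does not show. The function name resolve_include_dir, the use of __DIR__ as the base directory and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: hypothetical hardening for an include path taken from a
// request parameter such as "dirPath". Not the plugin's own source.

/**
 * Resolve a request-supplied directory against a fixed base directory.
 * Returns the canonical path, or null when the input must be rejected.
 */
function resolve_include_dir(string $baseDir, string $userDir): ?string
{
    // Reject NUL bytes and anything carrying a scheme or stream wrapper
    // (http://, ftp://, php://, data: ...): that is the "remote" case.
    if (strpos($userDir, "\0") !== false
        || preg_match('#^[a-z][a-z0-9+.-]*:#i', $userDir)) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    // realpath() collapses ../ sequences and symlinks, and returns false
    // for paths that do not exist on the local filesystem.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $userDir);
    if ($candidate === false || !is_dir($candidate)) {
        return null;
    }

    // The resolved path must be the base directory itself or lie beneath it.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($candidate !== $base
        && strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed inputs; __DIR__ stands in for the plugin directory.
foreach (['.', '../../', 'http://example.invalid/x', 'php://input'] as $input) {
    $dir = resolve_include_dir(__DIR__, $input);
    echo str_pad($input, 28), $dir === null ? 'rejected' : "allowed: $dir", PHP_EOL;
}
```

Keeping allow_url_include set to Off in php.ini (the PHP default) blocks remote includes at the runtime level, but it does not prevent inclusion of local files, so the path check is still required.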
 
References:
 
Secunia:
 


 
Created: 24 Khordad 1391
