CVE-2017-17058
Summary
| CVE | CVE-2017-17058 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-11-29 07:29:00 UTC |
| Updated | 2023-11-07 02:41:00 UTC |
| Description | ** DISPUTED ** The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Automattic | Woocommerce | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal - PHP webapps Exploit | EXPLOIT-DB | www.exploit-db.com | Third Party Advisory, VDB Entry |
| intext:/wp-content/plugins/woocommerce/templates/emails/plain/ - Sensitive Directories GHDB Google Dork | MISC | www.exploit-db.com | Third Party Advisory, VDB Entry |
| Does WC have a directory transversal vulnerability? · Issue #17964 · woocommerce/woocommerce · GitHub | MISC | github.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.