WordPress Theme Tuner Plugin 'tt-abspath' Parameter Remote File Include Vulnerability
BID:51636
Info
| Bugtraq ID: | 51636 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-0934 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 23 2012 12:00AM |
| Updated: | Feb 01 2012 11:30AM |
| Credit: | Ben Schmidt |
| Vulnerable: | WordPress Theme Tuner 0.7 |
| Not Vulnerable: | WordPress Theme Tuner 0.8 |
Discussion
The Theme Tuner plug-in for WordPress is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue could allow an attacker to compromise the application and the underlying system; other attacks are also possible.
Theme Tuner 0.7 is vulnerable; other versions may also be affected.
Exploit / POC
Attackers can use a browser to exploit this issue.
Solution / Fix
Solution:
Updates are available. Please see the references for more details.
References
References:
- Theme Tuner changelog (WordPress)
- Theme Tuner plugin (WordPress)
- WordPress Homepage (WordPress)