WordPress WP Online Store Plugin Local File Include and Multiple File Disclosure Vulnerabilities
BID:57963
Info
WordPress WP Online Store Plugin Local File Include and Multiple File Disclosure Vulnerabilities
| Bugtraq ID: | 57963 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 14 2013 12:00AM |
| Updated: | Feb 14 2013 12:00AM |
| Credit: | Charlie Eriksen |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
WordPress WP Online Store Plugin Local File Include and Multiple File Disclosure Vulnerabilities
WP Online Store Plugin for WordPress is prone to a local-file-include and multiple file-disclosure vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit these issues to execute arbitrary local files within the context of the web server process or obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.
WP Online Store 1.3.1 is vulnerable.
WP Online Store Plugin for WordPress is prone to a local-file-include and multiple file-disclosure vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit these issues to execute arbitrary local files within the context of the web server process or obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.
WP Online Store 1.3.1 is vulnerable.
Exploit / POC
WordPress WP Online Store Plugin Local File Include and Multiple File Disclosure Vulnerabilities
Attackers can exploit these issues with a browser.
Attackers can exploit these issues with a browser.
Solution / Fix
WordPress WP Online Store Plugin Local File Include and Multiple File Disclosure Vulnerabilities
Solution:
Updates are available. Please contact the vendor for more information.
Solution:
Updates are available. Please contact the vendor for more information.
References
WordPress WP Online Store Plugin Local File Include and Multiple File Disclosure Vulnerabilities
References:
References:
- WP Online Store (WordPress)