WordPress Trinity Theme 'download.php' Arbitrary File Download Vulnerability
BID:69759
Info
| Bugtraq ID: | 69759 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 09 2014 12:00AM |
| Updated: | Sep 09 2014 12:00AM |
| Credit: | Mr.Doel |
| Vulnerable: | ChurchThemes Trinity 0 |
| Not Vulnerable: | |
Discussion
The Trinity theme for WordPress is prone to an arbitrary file-download vulnerability.
An attacker can exploit this issue to download arbitrary files from the web server and obtain potentially sensitive information.
Exploit / POC
Attackers can use a browser to exploit this issue.
The following example URI is available:
http://www.example.com/wp-content/themes/trinity/lib/scripts/download.php?file=/etc/passwd
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
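With no vendor patch available, one way to check whether requests like the example URI have reached a site is to search the web server's access log. The script below is an added example, not part of the original advisory; it assumes combined-format log lines and that legitimate downloads pass a bare relative file name, and its sample log entries are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script path and parameter name come from the advisory's example URI;
# the regex pulls the request target and status from a combined-format entry.
SCRIPT = "/wp-content/themes/trinity/lib/scripts/download.php"
PARAM = "file"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample entries (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Sep/2014:08:01:12 +0000] "GET /wp-content/themes/trinity/lib/scripts/download.php?file=/etc/passwd HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Sep/2014:08:03:40 +0000] "GET /wp-content/themes/trinity/lib/scripts/download.php?file=sermon-notes.pdf HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Sep/2014:08:04:02 +0000] "GET /wp-content/themes/trinity/lib/scripts/download.php?file=..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Sep/2014:08:05:00 +0000] "GET /index.php?file=/etc/passwd HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

def suspicious_reason(value):
    """Say why a 'file' value points outside a download directory, else None."""
    for _ in range(3):  # undo nested percent-encoding left after parse_qs
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    norm = value.replace("\\", "/")
    if norm.startswith("/") or re.match(r"[A-Za-z]:/", norm):
        return "absolute path"
    if ".." in norm.split("/"):
        return "directory traversal"
    return None

def scan(lines):
    """Return (client, status, file_value, reason) for each flagged request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not unquote(url.path).lower().endswith(SCRIPT):
            continue
        for value in parse_qs(url.query).get(PARAM, []):
            reason = suspicious_reason(value)
            if reason:
                hits.append((line.split()[0], int(m.group(2)), value, reason))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit, sep=" | ")
```

A flagged request with status 200 deserves priority in triage, since the server answered it with content rather than an error.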
References
References:
- Trinity Home Page (ChurchThemes)
- WordPress Homepage (WordPress)