5
CVE-2014-100009
- EPSS 2.16%
- Veröffentlicht 13.01.2015 11:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginJS Multi Hotel <= 2.2.1 - Full Path Disclosure
The Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote attackers to obtain the installation path via a request to (1) functions.php, (2) myCalendar.php, (3) refreshDate.php, (4) show_image.php, (5) widget.php, (6) phpthumb/GdThumb.inc.php, or (7) phpthumb/thumb_plugins/gd_reflection.inc.php in includes/.
Mögliche Gegenmaßnahme
JS Multi Hotel: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Joomlaskin ≫ Js Multi Hotel SwPlatformwordpress Version <= 2.2.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
JS Multi Hotel
Version
*-2.2.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.16% | 0.798 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://packetstormsecurity.com/files/125959
http://websecurity.com.ua/7087/
https://www.wordfence.com/threat-intel/vulnerabilities/id/085ea0e9-5b00-4038-a01b-2aebd0aa0809