5

CVE-2014-9734

Exploit

Slider Revolution <= 4.1.4 - Directory Traversal

Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php.
Mögliche Gegenmaßnahme
Slider Revolution: Update to version 4.2, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ThemepunchSlider Revolution SwPlatformwordpress Version <= 4.1.4
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Slider Revolution
Version *-4.1.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 20.63% 0.972
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://marketblog.envato.com/news/affected-themes/
http://marketblog.envato.com/news/plugin-vulnerability/
http://packetstormsecurity.com/files/132366/WordPress-Revslider-4.2.2-XSS-Information-Disclosure.html
Exploit
http://www.exploit-db.com/exploits/34511
Exploit
https://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html
Exploit
https://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html
Exploit
https://plugins.trac.wordpress.org/browser/patch-for-revolution-slider/trunk/revsliderpatch.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/cb8eea53-64d1-4375-9364-292b96080f68
Third Party Advisory