5
CVE-2017-2245
- EPSS 2.57%
- Veröffentlicht 07.07.2017 13:29:01
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
LoginWordPress Shortcodes Plugin — Shortcodes Ultimate < 4.10.0 - Directory Traversal
Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors.
Mögliche Gegenmaßnahme
Shortcodes Ultimate – Content Elements: Update to version 4.10.0, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Getshortcodes ≫ Shortcodes Ultimate SwPlatformwordpress Version <= 4.9.9
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Shortcodes Ultimate – Content Elements
Version
[*, 4.10.0)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.57% | 0.831 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 3.1 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
http://www.securityfocus.com/bid/99495
https://jvn.jp/en/jp/JVN63249051/index.html
https://plugins.trac.wordpress.org/changeset/1684377/#file217
https://wordpress.org/plugins/shortcodes-ultimate/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/58a4cb88-033e-48f4-b6fa-2a9754ab6a7f