Lucene search

[email protected]CVE-2014-8606

HistoryJun 10, 2015 - 6:59 p.m.

CVE-2014-8606

2015-06-1018:59:03

CWE-22

[email protected]

web.nvd.nist.gov

cve

2014

8606

directory traversal

xcloner

wordpress

joomla

nvd

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

45.0%

JSON

Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to read arbitrary files via a … (dot dot) in the file parameter in a json_return action in the xcloner_show page to wp-admin/admin-ajax.php.

Affected configurations

NVD

Node

xclonerxclonerMatch3.1.1wordpress

xclonerxclonerMatch3.5.1joomla\!

CPENameOperatorVersion
xcloner:xclonerxclonereq3.1.1
xcloner:xclonerxclonereq3.5.1

CPE	Name	Operator	Version
xcloner:xcloner	xcloner	eq	3.1.1
xcloner:xcloner	xcloner	eq	3.5.1

References

www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/

www.vapid.dhs.org/advisory.php?v=110

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

45.0%

JSON

Related for CVE-2014-8606

cvelist1 prion1 patchstack1 nvd1 packetstorm1 wpvulndb1 securityvulns1