Lucene search
MitreCVE-2014-9461HistoryJan 02, 2015 - 10:59 p.m.
CVE-2014-9461
2015-01-0222:59:01
CWE-22
mitre
web.nvd.nist.gov
26
cve-2014-9461
directory traversal
cart66 lite plugin
wordpress
remote authenticated users
arbitrary files
nvd
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.005
Percentile
75.4%
Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to read arbitrary files via a … (dot dot) in the member_download action to wp-admin/admin-ajax.php.
Affected configurations
Node
reality66cart66_liteRange≤1.5.3wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| reality66 | cart66_lite | * | cpe:2.3:a:reality66:cart66_lite:*:*:*:*:*:wordpress:*:* |
Related
wpvulndb
wpvulndb
Cart66 Pro <= 1.5.3 - Authenticated Arbitrary File Disclosure
2015-01-01 00:00:00
prion
prion
Directory traversal
2015-01-02 22:59:00
patchstack
patchstack
WordPress Cart66 Lite Plugin <= 1.5.3 - Directory Traversal
2015-01-02 00:00:00
nvd
nvd
CVE-2014-9461
2015-01-02 22:59:01
cvelist
cvelist
CVE-2014-9461
2015-01-02 22:00:00
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.005
Percentile
75.4%
Related for CVE-2014-9461