CVE-2015-5065
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
86.7%
Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| intelligent-it | paypal_currency_converter_basic_for_woocommerce | * | cpe:2.3:a:intelligent-it:paypal_currency_converter_basic_for_woocommerce:*:*:*:*:*:wordpress:*:* |
References
packetstormsecurity.com/files/132278/WordPress-Paypal-Currency-Converter-Basic-For-Woocommerce-1.3-File-Read.html
www.securityfocus.com/bid/75416
plugins.trac.wordpress.org/changeset/1179092/paypal-currency-converter-basic-for-woocommerce
wordpress.org/plugins/paypal-currency-converter-basic-for-woocommerce/changelog/
www.exploit-db.com/exploits/37253/
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
86.7%