wpvulndb | James Hooker | WPVDB-ID: 0A36D2FF-5CF1-4ADE-947A-19EEE48592B0
Jan 01, 2015 - 12:00 a.m.

Cart66 Pro <= 1.5.3 - Authenticated Arbitrary File Disclosure

2015-01-01 00:00:00 | James Hooker | wpscan.com
EPSS: 0.005
Percentile: 75.4%

A registered (non-admin) user is able to change settings, which allows us to trigger an Arbitrary File Disclosure vulnerability with any path of our choosing. One limitation of this vulnerability is that the target user (in the PoC, ‘test’) needs to have an account on the Cart66 installation.
