WordPress Ajax Store Locator Plugin Directory Traversal Vulnerability Network Vulnerability

Summary

This host is installed with WordPress Ajax Store Locator Plugin and is prone to directory traversal vulnerability.

Impact

Successful exploitation will allow attacker to read arbitrary files on the target system. Impact Level: System/Application

Solution

No solution or patch is available as of 20th February, 2015. Information regarding this issue will updated once the solution details are available. For updates refer to http://codecanyon.net/item/ajax-store-locator-wordpress/5293356

Insight

Input passed via the 'download_file' parameter to the sl_file_download.php script is not properly sanitized before being returned to the user.

Affected

WordPress Ajax Store Locator version 1.2 and prior.

Detection

Send a crafted data via HTTP GET request and check whether it is possible to read a local file

References

http://osvdb.org/115595
http://www.exploit-db.com/exploits/35493

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
Apache Struts Cross Site Scripting Vulnerability
AlienForm CGI script
Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability

Take action and discover your vulnerabilities