WordPress Browser Rejector Plugin Remote File Inclusion Vulnerability Network Vulnerability

Summary

This host is installed with WordPress Browser Rejector Plugin and is prone to remote file inclusion vulnerability.

Impact

Successful exploitation will allow attackers to perform directory traversal attacks and read arbitrary files on the affected application. Impact Level: Application

Solution

Upgrade to the WordPress Browser Rejector Plugin 2.11 or later, For updates refer to http://wordpress.org/extend/plugins/browser-rejector/

Insight

The flaw is due to an improper validation of user supplied input to the 'wppath' parameter in 'wp-content/plugins/browser-rejector/rejectr.js.php', which allows attackers to read arbitrary files via a ../(dot dot) sequences.

Affected

Browser Rejector Plugin version 2.10 and prior

References

http://secunia.com/advisories/51739/
http://www.osvdb.org/89053

Updated on 2017-03-28

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
A-A-S Application Access Server Multiple Vulnerabilities
ApPHP MicroBlog Remote Code Execution Vulnerability
Advanced Guestbook Index.PHP SQL Injection Vulnerability
Allegro RomPager `Misfortune Cookie` Vulnerability

Take action and discover your vulnerabilities